[PATCH 17/20] commit-graph.c: prevent overflow in `split_graph_merge_strategy()`

In a similar spirit as previous commits, ensure that we don't overflow
when choosing how to split and merge different layers of the
commit-graph.

In particular, avoid a potential overflow between `size_mult` and
`num_commits`, as well as a potential overflow between the number of
commits currently in the merged graph, and the number of commits in the
graph about to be merged.

Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx>
---
 commit-graph.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/commit-graph.c b/commit-graph.c
index 35f700273b..8010e0763e 100644
--- a/commit-graph.c
+++ b/commit-graph.c
@@ -2111,11 +2111,16 @@ static void split_graph_merge_strategy(struct write_commit_graph_context *ctx)
 
 	if (flags != COMMIT_GRAPH_SPLIT_MERGE_PROHIBITED &&
 	    flags != COMMIT_GRAPH_SPLIT_REPLACE) {
-		while (g && (g->num_commits <= size_mult * num_commits ||
+		while (g && (g->num_commits <= st_mult(size_mult, num_commits) ||
 			    (max_commits && num_commits > max_commits))) {
 			if (g->odb != ctx->odb)
 				break;
 
+			if (unsigned_add_overflows(num_commits, g->num_commits))
+				die(_("cannot merge graphs with %"PRIuMAX", "
+				      "%"PRIuMAX" commits"),
+				    (uintmax_t)num_commits,
+				    (uintmax_t)g->num_commits);
 			num_commits += g->num_commits;
 			g = g->base_graph;
 
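Review bot: The die() message added ahead of `num_commits += g->num_commits` prints the two counts but never says that the refusal is due to an overflow of their sum; wording along the lines of "cannot merge graphs with X, Y commits: total would overflow" would tell the user what actually went wrong. Separately, the `st_mult(size_mult, num_commits)` in the `while` condition is re-evaluated on every iteration as `num_commits` grows, and on overflow it dies with st_mult's generic message rather than a commit-graph-specific one. A product too large to represent would make `g->num_commits <= ...` true in exact arithmetic, so consider whether that case should simply count as "merge" and leave the `unsigned_add_overflows()` check as the single failure point. The declarations of `size_mult` and `num_commits` are outside this hunk, so it is worth confirming that both guards test against the width those variables really have. The diffstat touches only commit-graph.c; a test that exercises the new die() path would be welcome.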
-- 
2.41.0.347.g7b976b8871f



