Re: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
From: Junio C Hamano <gitster@xxxxxxxxx>
Date: Thu, 13 Jul 2023 09:14:05 -0700
Cc: Taylor Blau <me@xxxxxxxxxxxx>, git@xxxxxxxxxxxxxxx, Derrick Stolee <derrickstolee@xxxxxxxxxx>, Jeff King <peff@xxxxxxxx>, Johannes Schindelin <Johannes.Schindelin@xxxxxx>, Victoria Dye <vdye@xxxxxxxxxx>
In-reply-to: <5d2cf09f-34c7-9a88-bab2-8bf348dd13bb@gmail.com> (Phillip Wood's message of "Thu, 13 Jul 2023 09:21:55 +0100")
References: <cover.1689205042.git.me@ttaylorr.com> <d6902cd9e7f7f2a6b8044c8fb782a28c23e15600.1689205042.git.me@ttaylorr.com> <5d2cf09f-34c7-9a88-bab2-8bf348dd13bb@gmail.com>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Phillip Wood <phillip.wood123@xxxxxxxxx> writes:

>> -		p->crc_offset = 8 + 4 * 256 + nr * hashsz;
>> +		p->crc_offset = st_add(8 + 4 * 256, st_mult(nr, hashsz));
>
> p->crc_offset is a uint32_t so we're still prone to truncation here

Good eyes.  Thanks.

References:
- [PATCH 00/20] guard object lookups against 32-bit overflow
  - From: Taylor Blau
- [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
  - From: Taylor Blau
- Re: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
  - From: Phillip Wood

Prev by Date: Re: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
Next by Date: Re: [PATCH v5 0/3] don't imply that integration is always required before pushing
Previous by thread: Re: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
Next by thread: [PATCH 01/20] packfile.c: prevent overflow in `nth_packed_object_id()`
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel Development] [Gcc Help] [IETF Annouce] [DCCP] [Netdev] [Networking] [Security] [V4L] [Bugtraq] [Yosemite] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux SCSI] [Fedora Users]