Junio C Hamano <gitster@xxxxxxxxx> writes:

> As I used the first byte to fuzz dmtype and .local, let's use the
> next three bytes to allow feeding overly wild timezone values to the
> machinery and see what breaks, perhaps like so:
>
>	tz = *data++; /* int tz; */
>	tz = (tz << 8) | *data++;
>	tz = (tz << 8) | *data++;
>	size -= 3;

Just this part. As data points at unsigned char, the above would
not give us any negative number. We'd need to sign-extend the
24-bit resulting value if we are going to adopt the above approach.
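The sign extension the reply calls for, as an added example that is not part of the original message and not code from the git tree. The helper names `read_u24`, `sign_extend_24` and `read_s24` and the sample bytes are assumptions, and `int` is assumed to be at least 32 bits wide.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: consume three bytes of fuzzer input as a
 * big-endian 24-bit value. The result is always in [0, 0xFFFFFF],
 * which is the "never negative" behaviour the reply points out. */
static int read_u24(const uint8_t **data, size_t *size, int *out)
{
	const uint8_t *p = *data;

	if (*size < 3)
		return -1;	/* not enough input left; consume nothing */
	*out = ((int)p[0] << 16) | ((int)p[1] << 8) | (int)p[2];
	*data += 3;
	*size -= 3;
	return 0;
}

/* Treat bit 23 as the sign bit. The XOR-and-subtract form avoids
 * left-shifting into the sign bit (undefined) and right-shifting a
 * negative value (implementation-defined).
 * 0xFFFFFF -> -1, 0x800000 -> -8388608, 0x7FFFFF -> 8388607 */
static int sign_extend_24(int v)
{
	return (v ^ 0x800000) - 0x800000;
}

/* Hypothetical helper: read three bytes as a signed 24-bit value. */
static int read_s24(const uint8_t **data, size_t *size, int *out)
{
	if (read_u24(data, size, out) < 0)
		return -1;
	*out = sign_extend_24(*out);
	return 0;
}

int main(void)
{
	/* Constructed sample input: -1, -8388608, 1440 */
	static const uint8_t sample[] = { 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x05, 0xa0 };
	const uint8_t *p = sample;
	size_t n = sizeof(sample);
	int tz;

	while (read_s24(&p, &n, &tz) == 0)
		printf("%d\n", tz);
	return 0;
}
```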