Taylor Blau <me@xxxxxxxxxxxx> writes: > Ensure that we refuse to process a .gitattributes blob exceeding > ATTR_MAX_FILE_SIZE when reading from either an arbitrary tree object or > a sparse directory. This is done by pushing the ATTR_MAX_FILE_SIZE check > down into the low-level `read_attr_from_buf()`. > > In doing so, plug a leak in `read_attr_from_index()` where we would > accidentally leak the large buffer upon detecting it is too large to > process. > > (Since `read_attr_from_buf()` handles a NULL buffer input, we can remove > a NULL check before calling it in `read_attr_from_index()` as well). > > Co-authored-by: Jeff King <peff@xxxxxxxx> > Signed-off-by: Jeff King <peff@xxxxxxxx> > Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx> > --- Makes sense. Will queue. Thanks.
