Here is a small reroll of a couple of patches I wrote to fix various
small issues with the tb/pseudo-merge-reachability-bitmaps topic.
The only change since last time is replacing:
if (st_mult(index->pseudo_merges.nr, sizeof(uint64_t)) > table_size - 24)
with:
if (st_add(st_mult(index->pseudo_merges.nr, sizeof(uint64_t)), 24) > table_size)
based on helpful review from Junio. For convenience, a range-diff is
below. Thanks in advance for any final review on this topic :-).
Taylor Blau (2):
Documentation/technical/bitmap-format.txt: add missing position table
pack-bitmap.c: ensure pseudo-merge offset reads are bounded
Documentation/technical/bitmap-format.txt | 9 +++++++++
pack-bitmap.c | 5 +++++
2 files changed, 14 insertions(+)
Range-diff against v1:
-: ---------- > 1: a71ec05e5d Documentation/technical/bitmap-format.txt: add missing position table
1: 0a16399d14 ! 2: 8abd564e7c pack-bitmap.c: ensure pseudo-merge offset reads are bounded
@@ Commit message
end of the mmap'd region.
Prevent this by ensuring that we have at least `table_size - 24` many
- bytes available to read (subtracting 24 as the length of the metadata
- component).
+ bytes available to read (adding 24 to the left-hand side of our
+ inequality to account for the length of the metadata component).
This is sufficient to prevent us from reading off the end of the
pseudo-merge extension, and ensures that all of the get_be64() calls
@@ pack-bitmap.c: static int load_bitmap_header(struct bitmap_index *index)
index->pseudo_merges.commits_nr = get_be32(index_end - 20);
index->pseudo_merges.nr = get_be32(index_end - 24);
-+ if (st_mult(index->pseudo_merges.nr, sizeof(uint64_t)) > table_size - 24)
++ if (st_add(st_mult(index->pseudo_merges.nr,
++ sizeof(uint64_t)),
++ 24) > table_size)
+ return error(_("corrupted bitmap index file, pseudo-merge table too short"));
+
CALLOC_ARRAY(index->pseudo_merges.v,
base-commit: 0b7500dc66ffcb6b1ccc3332715936a59c6b5ce4
--
2.45.0.33.g0a16399d14.dirty
