Signed-off-by: Liu Yubao <yubao.liu@xxxxxxxxx> --- sha1_file.c | 15 +++++++++------ 1 files changed, 9 insertions(+), 6 deletions(-) diff --git a/sha1_file.c b/sha1_file.c index 6c0e251..efe6967 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -1245,8 +1245,9 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size * too permissive for what we want to check. So do an anal * object header parse by hand. */ -static int parse_sha1_header(const char *hdr, unsigned long *sizep) +static int parse_sha1_header(const char *hdr, unsigned long length, unsigned long *sizep) { + const char *hdr_end = hdr + length; char type[10]; int i; unsigned long size; @@ -1254,10 +1255,10 @@ static int parse_sha1_header(const char *hdr, unsigned long *sizep) /* * The type can be at most ten bytes (including the * terminating '\0' that we add), and is followed by - * a space. + * a space, at least one byte for size, and a '\0'. */ i = 0; - for (;;) { + while (hdr < hdr_end - 2) { char c = *hdr++; if (c == ' ') break; @@ -1265,6 +1266,8 @@ static int parse_sha1_header(const char *hdr, unsigned long *sizep) if (i >= sizeof(type)) return -1; } + if (' ' != *(hdr - 1)) + return -1; type[i] = 0; /* @@ -1275,7 +1278,7 @@ static int parse_sha1_header(const char *hdr, unsigned long *sizep) if (size > 9) return -1; if (size) { - for (;;) { + while (hdr < hdr_end - 1) { unsigned long c = *hdr - '0'; if (c > 9) break; @@ -1298,7 +1301,7 @@ static void *unpack_sha1_file(void *map, unsigned long mapsize, enum object_type char hdr[8192]; ret = unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr)); - if (ret < Z_OK || (*type = parse_sha1_header(hdr, size)) < 0) + if (ret < Z_OK || (*type = parse_sha1_header(hdr, stream.total_out, size)) < 0) return NULL; return unpack_sha1_rest(&stream, hdr, *size, sha1); @@ -1982,7 +1985,7 @@ static int sha1_loose_object_info(const unsigned char *sha1, unsigned long *size if (unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr)) < 0) status = error("unable to unpack %s header", sha1_to_hex(sha1)); - else if ((status = parse_sha1_header(hdr, &size)) < 0) + else if ((status = parse_sha1_header(hdr, stream.total_out, &size)) < 0) status = error("unable to parse %s header", sha1_to_hex(sha1)); else if (sizep) *sizep = size; -- 1.6.1.rc1.5.gde86c -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html