mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check patch_delta bounds more carefully

Browse Source 
Let's avoid going south with invalid delta data.

Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
Nicolas Pitre
2006-04-07 15:26:10 -04:00
committed by Junio C Hamano
parent 7d6c447145
commit 8960844a78
3 changed files with 28 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
delta.h
View File

@ -16,7 +16,8 @@ extern void *patch_delta(void *src_buf, unsigned long src_size,
* This must be called twice on the delta data buffer, first to get the
* expected reference buffer size, and again to get the result buffer size.
*/
static inline unsigned long get_delta_hdr_size(const unsigned char **datap)
static inline unsigned long get_delta_hdr_size(const unsigned char **datap,
const unsigned char *top)
{
const unsigned char *data = *datap;
unsigned char cmd;
@ -26,7 +27,7 @@ static inline unsigned long get_delta_hdr_size(const unsigned char **datap)
cmd = *data++;
size |= (cmd & ~0x80) << i;
i += 7;
} while (cmd & 0x80);
} while (cmd & 0x80 && data < top);
*datap = data;
return size;
}