Merge branch 'tb/cap-patch-at-1gb'

"git apply" limits its input to a bit less than 1 GiB. * tb/cap-patch-at-1gb: apply: reject patches larger than ~1 GiB
2022-10-30 21:04:43 -04:00
parent c7ccd4eae9 f1c0e3946e
commit c41ec63ef5
2 changed files with 34 additions and 1 deletions
--- a/apply.c
+++ b/apply.c
@ -386,9 +386,19 @@ static void say_patch_name(FILE *output, const char *fmt, struct patch *patch)

 #define SLOP (16)

+/*
+ * apply.c isn't equipped to handle arbitrarily large patches, because
+ * it intermingles `unsigned long` with `int` for the type used to store
+ * buffer lengths.
+ *
+ * Only process patches that are just shy of 1 GiB large in order to
+ * avoid any truncation or overflow issues.
+ */
+#define MAX_APPLY_SIZE (1024UL * 1024 * 1023)
+
 static int read_patch_file(struct strbuf *sb, int fd)
 {
-	if (strbuf_read(sb, fd, 0) < 0)
+	if (strbuf_read(sb, fd, 0) < 0 || sb->len >= MAX_APPLY_SIZE)
 		return error_errno("git apply: failed to read");

 	/*