Idea-Studios/libgit2
2
0
Fork 0
mirror of https://github.com/libgit2/libgit2.git synced 2026-06-22 06:26:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7172 from Oblivionsage/main

Browse Source 
delta: fix undefined behavior in hdr_sz varint parsing
This commit is contained in:
Edward Thomson
2026-01-08 21:25:44 +00:00
committed by GitHub
parent 28b244aa40 4e6b493787
commit c5105a07dd
2 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/libgit2/delta.c
View File

@@ -477,8 +477,12 @@ static int hdr_sz(
return -1;
}
if (shift >= (sizeof(size_t) * 8)) {
git_error_set(GIT_ERROR_INVALID, "delta header overflow");
return -1;
}
c = *d++;
r |= (c & 0x7f) << shift;
r |= ((size_t)(c & 0x7f)) << shift;
shift += 7;
} while (c & 0x80);
*delta = d;

16
tests/libgit2/delta/shift_overflow.c Normal file
View File

@@ -0,0 +1,16 @@
#include "clar_libgit2.h"
#include "delta.h"
void test_delta_shift_overflow__hdr_sz_shift_limit(void)
{
unsigned char base[16] = { 0 };
unsigned char delta[] = {
0x80, 0x80, 0x80, 0x80, 0x80,
0x80, 0x80, 0x80, 0x80,
0x80, 0x01
};
void *out;
size_t outlen;
cl_git_fail(git_delta_apply(&out, &outlen, base, sizeof(base), delta, sizeof(delta)));
}