[v6,01/15] reftable: fix OOB stack write in print functions

Message ID	9218bd59b2570ab08f3a2e5c0b590656d00482c4.1642691534.git.gitgitgadget@gmail.com (mailing list archive)
State	Accepted
Commit	32d9c0ed1e9d7ebb539dcc8ec573c025a49b9936
Headers	show Return-Path: <git-owner@kernel.org> Message-Id: <9218bd59b2570ab08f3a2e5c0b590656d00482c4.1642691534.git.gitgitgadget@gmail.com> In-Reply-To: <pull.1152.v6.git.git.1642691534.gitgitgadget@gmail.com> References: <pull.1152.v5.git.git.1640199396.gitgitgadget@gmail.com> <pull.1152.v6.git.git.1642691534.gitgitgadget@gmail.com> Date: Thu, 20 Jan 2022 15:12:00 +0000 Subject: [PATCH v6 01/15] reftable: fix OOB stack write in print functions Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King <peff@peff.net>, Han-Wen Nienhuys <hanwen@google.com>, =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason <avarab@gmail.com>, =?utf-8?b?UmVuw6k=?= Scharfe <l.s.r@web.de>, "brian m. carlson" <sandals@crustytoothpaste.net>, Johannes Schindelin <Johannes.Schindelin@gmx.de>, Neeraj Singh <nksingh85@gmail.com>, Han-Wen Nienhuys <hanwenn@gmail.com>, Han-Wen Nienhuys <hanwen@google.com> Precedence: bulk From: Han-Wen Nienhuys <hanwen@google.com>
Series	Reftable coverity fixes \| expand [v6,00/15] Reftable coverity fixes [v6,01/15] reftable: fix OOB stack write in print functions [v6,02/15] reftable: fix resource leak in block.c error path [v6,03/15] reftable: fix resource leak blocksource.c [v6,04/15] reftable: check reftable_stack_auto_compact() return value [v6,05/15] reftable: ignore remove() return value in stack_test.c [v6,06/15] reftable: fix resource warning [v6,07/15] reftable: all xxx_free() functions accept NULL arguments [v6,08/15] reftable: order unittests by complexity [v6,09/15] reftable: drop stray printf in readwrite_test [v6,10/15] reftable: handle null refnames in reftable_ref_record_equal [v6,11/15] reftable: make reftable-record.h function signatures const correct [v6,12/15] reftable: implement record equality generically [v6,13/15] reftable: remove outdated file reftable.c [v6,14/15] reftable: make reftable_record a tagged union [v6,15/15] reftable: add print functions to the record types

Message ID

9218bd59b2570ab08f3a2e5c0b590656d00482c4.1642691534.git.gitgitgadget@gmail.com (mailing list archive)

State

Accepted

Commit

32d9c0ed1e9d7ebb539dcc8ec573c025a49b9936

Headers

Message-Id: 
 <9218bd59b2570ab08f3a2e5c0b590656d00482c4.1642691534.git.gitgitgadget@gmail.com>
In-Reply-To: <pull.1152.v6.git.git.1642691534.gitgitgadget@gmail.com>
References: <pull.1152.v5.git.git.1640199396.gitgitgadget@gmail.com>
        <pull.1152.v6.git.git.1642691534.gitgitgadget@gmail.com>
Date: Thu, 20 Jan 2022 15:12:00 +0000
Subject: [PATCH v6 01/15] reftable: fix OOB stack write in print functions
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Jeff King <peff@peff.net>, Han-Wen Nienhuys <hanwen@google.com>,
	=?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason  <avarab@gmail.com>,
	=?utf-8?b?UmVuw6k=?= Scharfe <l.s.r@web.de>,
 "brian m. carlson" <sandals@crustytoothpaste.net>,
 Johannes Schindelin <Johannes.Schindelin@gmx.de>,
 Neeraj Singh <nksingh85@gmail.com>, Han-Wen Nienhuys <hanwenn@gmail.com>,
 Han-Wen Nienhuys <hanwen@google.com>
Precedence: bulk
From: Han-Wen Nienhuys <hanwen@google.com>

Series

Reftable coverity fixes | expand

Comments

Ævar Arnfjörð Bjarmason Jan. 21, 2022, 11:41 a.m. UTC | #1

On Thu, Jan 20 2022, Han-Wen Nienhuys via GitGitGadget wrote:

> From: Han-Wen Nienhuys <hanwen@google.com>
>
> Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
> ---
>  reftable/record.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/reftable/record.c b/reftable/record.c
> index 6a5dac32dc6..8536bd03aa9 100644
> --- a/reftable/record.c
> +++ b/reftable/record.c
> @@ -254,7 +254,7 @@ static void hex_format(char *dest, uint8_t *src, int hash_size)
>  void reftable_ref_record_print(struct reftable_ref_record *ref,
>  			       uint32_t hash_id)
>  {
> -	char hex[2 * GIT_SHA256_RAWSZ + 1] = { 0 }; /* BUG */
> +	char hex[GIT_MAX_HEXSZ + 1] = { 0 }; /* BUG */

Is whatever "BUG" this is still current after this change?

Han-Wen Nienhuys Jan. 24, 2022, 2:14 p.m. UTC | #2

On Fri, Jan 21, 2022 at 12:42 PM Ævar Arnfjörð Bjarmason
<avarab@gmail.com> wrote:
> > -     char hex[2 * GIT_SHA256_RAWSZ + 1] = { 0 }; /* BUG */
> > +     char hex[GIT_MAX_HEXSZ + 1] = { 0 }; /* BUG */
>
> Is whatever "BUG" this is still current after this change?

I can't remember what this was about. Dropping.

diff --git a/reftable/record.c b/reftable/record.c
index 6a5dac32dc6..8536bd03aa9 100644
--- a/reftable/record.c
+++ b/reftable/record.c
@@ -254,7 +254,7 @@  static void hex_format(char *dest, uint8_t *src, int hash_size)
 void reftable_ref_record_print(struct reftable_ref_record *ref,
 			       uint32_t hash_id)
 {
-	char hex[2 * GIT_SHA256_RAWSZ + 1] = { 0 }; /* BUG */
+	char hex[GIT_MAX_HEXSZ + 1] = { 0 }; /* BUG */
 	printf("ref{%s(%" PRIu64 ") ", ref->refname, ref->update_index);
 	switch (ref->value_type) {
 	case REFTABLE_REF_SYMREF:
@@ -586,7 +586,7 @@  static struct reftable_record_vtable reftable_obj_record_vtable = {
 void reftable_log_record_print(struct reftable_log_record *log,
 			       uint32_t hash_id)
 {
-	char hex[GIT_SHA256_RAWSZ + 1] = { 0 };
+	char hex[GIT_MAX_HEXSZ + 1] = { 0 };
 
 	switch (log->value_type) {
 	case REFTABLE_LOG_DELETION:

[v6,01/15] reftable: fix OOB stack write in print functions

Commit Message

Comments

Patch