diff mbox series

[18/20] commit-graph.c: prevent overflow in `merge_commit_graph()`

Message ID 094aca51c2c23fe74016c60d5ba31c325da038d2.1689205042.git.me@ttaylorr.com (mailing list archive)
State Accepted
Commit d76e0a744d3a8c1713f0e913325cab7da92f01ef
Headers show
Series guard object lookups against 32-bit overflow | expand

Commit Message

Taylor Blau July 12, 2023, 11:38 p.m. UTC 
When merging two commit graphs, ensure that we don't attempt to merge
two graphs which, when combined, have more total commits than the 32-bit
unsigned maximum.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 commit-graph.c | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/commit-graph.c b/commit-graph.c
index 8010e0763e..c679d1d633 100644
--- a/commit-graph.c
+++ b/commit-graph.c
@@ -2178,6 +2178,11 @@  static void merge_commit_graph(struct write_commit_graph_context *ctx,
 	uint32_t i;
 	uint32_t offset = g->num_commits_in_base;
 
+	if (unsigned_add_overflows(ctx->commits.nr, g->num_commits))
+		die(_("cannot merge graph %s, too many commits: %"PRIuMAX),
+		    oid_to_hex(&g->oid),
+		    (uintmax_t)st_add(ctx->commits.nr, g->num_commits));
+
 	ALLOC_GROW(ctx->commits.list, ctx->commits.nr + g->num_commits, ctx->commits.alloc);
 
 	for (i = 0; i < g->num_commits; i++) {