From patchwork Wed Jul 12 23:37:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AA4FC0015E for ; Wed, 12 Jul 2023 23:37:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232974AbjGLXhf (ORCPT ); Wed, 12 Jul 2023 19:37:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232529AbjGLXha (ORCPT ); Wed, 12 Jul 2023 19:37:30 -0400 Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 672DE119 for ; Wed, 12 Jul 2023 16:37:29 -0700 (PDT) Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-579ed2829a8so79842997b3.1 for ; Wed, 12 Jul 2023 16:37:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205048; x=1691797048; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=wYOqEpL2Z/+DnKbJAY8EkUxleHIkpot0l0LMNLD1uIg=; b=TfWqd1zYYUgTFo3MkN0rw39oUlEt/tFNDyZJMbDbiLbQuIzRgNBARibc7UcuVWld0u 6Jk5+aj6cZyoZ9iHQJKGj4WSoD6UU+7ArjRmBx0nKLRq6kUQ5iT8KPEqwYTKWsqzmfs0 wCAEDXZT++w2dWn7lUl/efjYwqqWFAoGPd0sZXAaXX8rO0536p90ngakG5dL6SOydEFq HCeyW9FEoaifXEp3F1RnyT3NcdkNggOBwEunNrMt1M1AOOL8jP/NGGQyHA4nNEmDuwN+ csul1pHplUbgSRUdrkTwvBIg4NHn1zzY9X2vEXju6EA7gjWtmxFbHCCvv1e4+GV1WRbw 1yaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205048; x=1691797048; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wYOqEpL2Z/+DnKbJAY8EkUxleHIkpot0l0LMNLD1uIg=; b=XtdoydE8GZ5Lmf9BpXe85BT+V7XxaWoBeyH5omJtamVugUdC9OMqwBj1Gffw21C/C0 BunH9MxRFbNXkZBdm7ka3gNG2k8DgxQwOZKnI3eRgGAnxzCY6Kd04QdL8lmFKxbH4j6k enVsQhlvd7k2QJGDEU4jPeHevxkzHc5NeynmdPW9rFCLWojOCC2/p4nImCPXaMI2x/NE BN6QsFgXdyD45usdPj5GDmEUUCk1iDeIZE8noOdohiVSbhSLT5j+qncUJTFrVFMZN0Zh UHoBhkBh86aqXIl7pYWXogSmu9uCneMqtQOAVTb6ioGkQ39ridtl7OUM2gBNbYiygp4E HDlQ== X-Gm-Message-State: ABy/qLbb2JN5ja7wSmY7c12TdKVQ1aW8X1o03SaDi7epIvrLEH6JNrUY 7epdSeKec+vZh1EHQ0oDTHWvPUnptQMoormQRsuBgw== X-Google-Smtp-Source: APBJJlHrHnvz7rmmD9RUvyDwHnktF7G1AKowcjJjqx4STCSlU2af5A0xMAAIYaRsF/dYw/DIMvrGkA== X-Received: by 2002:a0d:d816:0:b0:570:670c:7fe3 with SMTP id a22-20020a0dd816000000b00570670c7fe3mr71591ywe.46.1689205048492; Wed, 12 Jul 2023 16:37:28 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id s126-20020a0dd084000000b0057a918d6644sm1444407ywd.128.2023.07.12.16.37.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:28 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:27 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 01/20] packfile.c: prevent overflow in `nth_packed_object_id()` Message-ID: <5e92582e2912806e0068af97c265fb50e8bbe54f.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In 37fec86a83 (packfile: abstract away hash constant values, 2018-05-02), `nth_packed_object_id()` started using the variable `the_hash_algo->rawsz` instead of a fixed constant when trying to compute an offset into the ".idx" file for some object position. This can lead to surprising truncation when looking for an object towards the end of a large enough pack, like the following: (gdb) p hashsz $1 = 20 (gdb) p n $2 = 215043814 (gdb) p hashsz * n $3 = 5908984 , which is a debugger session broken on a known-bad call to the `nth_packed_object_id()` function. This behavior predates 37fec86a83, and is original to the v2 index format, via: 74e34e1fca (sha1_file.c: learn about index version 2, 2007-04-09). This is due to §6.4.4.1 of the C99 standard, which states that an untyped integer constant will take the first type in which the value can be accurately represented, among `int`, `long int`, and `long long int`. Since 20 can be represented as an `int`, and `n` is a 32-bit unsigned integer, the resulting computation is defined by §6.3.1.8, and the (signed) integer value representing `n` is converted to an unsigned type, meaning that `20 * n` (for `n` having type `uint32_t`) is equivalent to a multiplication between two unsigned 32-bit integers. When multiplying a sufficiently large `n`, the resulting value can exceed 2^32-1, wrapping around and producing an invalid result. Let's follow the example in f86f769550e (compute pack .idx byte offsets using size_t, 2020-11-13) and replace this computation with `st_mult()`, which will ensure that the computation is done using 64-bits. While here, guard the corresponding computation for packs with v1 indexes, too. Though the likelihood of seeing a bug there is much smaller, since (a) v1 indexes are generated far less frequently than v2 indexes, and (b) they all correspond to packs no larger than 2 GiB, so having enough objects to trigger this overflow is unlikely if not impossible. Signed-off-by: Taylor Blau --- packfile.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packfile.c b/packfile.c index c2e753ef8f..89220f0e03 100644 --- a/packfile.c +++ b/packfile.c @@ -1920,10 +1920,10 @@ int nth_packed_object_id(struct object_id *oid, return -1; index += 4 * 256; if (p->index_version == 1) { - oidread(oid, index + (hashsz + 4) * n + 4); + oidread(oid, index + st_add(st_mult(hashsz + 4, n), 4)); } else { index += 8; - oidread(oid, index + hashsz * n); + oidread(oid, index + st_mult(hashsz, n)); } return 0; } From patchwork Wed Jul 12 23:37:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32B9CC001DF for ; Wed, 12 Jul 2023 23:37:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231651AbjGLXhg (ORCPT ); Wed, 12 Jul 2023 19:37:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46550 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232802AbjGLXhd (ORCPT ); Wed, 12 Jul 2023 19:37:33 -0400 Received: from mail-yw1-x1135.google.com (mail-yw1-x1135.google.com [IPv6:2607:f8b0:4864:20::1135]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 535B0173B for ; Wed, 12 Jul 2023 16:37:32 -0700 (PDT) Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-5701e8f2b79so86759267b3.0 for ; Wed, 12 Jul 2023 16:37:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205051; x=1691797051; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=J9uGHYaZ/toenDKxFISe+cu37V6V1ShiODVe1qBMX28=; b=BIavTcLDcfkBjmtTi3P+cwfdiQegHae9r6gbfL/dNas5pagL9T3bRhh8fj7DkKlKKQ /LPVoLU12hnCcpemrmKnLQBzmPno/fVEQVuJt0hoeOYuTGlI9ddt6LZz0TaSgpSvlu5d PPqxWDXyCDDT82OGaVbJfykXLGB2TFk8UvvN6VeJrFzDtkBvmo4CLilPjnKOTxxVSZMV p8/moENdh+tCYDiBryNQToPnJfgvFyO939pk8N8wuAV2f6BinSk8t5cz0RMj9BUE/8QE II8BG7LMcOwMoMzQbksKhYAfHDN93YQTVnABg5ecZHMIUw7BNOXhgvJKj3Oy7Hs9tMr8 WMpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205051; x=1691797051; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=J9uGHYaZ/toenDKxFISe+cu37V6V1ShiODVe1qBMX28=; b=CnAEb3ujD2e8fBsm1WBFCoSuGXAuTpKRUJY8hN5R+otB2vqPVQRghnUYmX+IYlgCzJ YHEPAKiHRWROMHkbnHCKUANV6Pu6cnn92PXXc0HRwpsvIxRqhtEa5ncUlcp9V/WbWssb dO2pJJ93d8LA14Nd6vqdznVboT027qiL6XZxFcOw7ePvnF5pbxQCNHUIpYJ8YYhjgoeS VZpEpZqNnaHtylTRk3+G4jbL7WkbXEOIQh1dE3VVkwadhEGzMUQ82ZUN0nBcynyUv8UN ifqjiTlxgKNlgwN509dbG96Wo15HnW0N9G6I8IoUi6WBRs7drdlQIB4/YaW5OD/VUwaY O5Vw== X-Gm-Message-State: ABy/qLYZt3dWult5QztPVXboLgwPM3Hq9wLDJ1FkJutqlU+AF6tw+Dbg j3bG500ownbkLonuKsh2zp6sV5s10atzoI/J38abJg== X-Google-Smtp-Source: APBJJlESJLlCTwlhjceSd2e00p9tq0st2jUVLzlAKirOMEZMSwfNMBtsgXzyOWAp2WN4rcZHEnccfQ== X-Received: by 2002:a0d:df52:0:b0:573:b42b:4e27 with SMTP id i79-20020a0ddf52000000b00573b42b4e27mr109817ywe.16.1689205051164; Wed, 12 Jul 2023 16:37:31 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id t81-20020a0dea54000000b0056ffca5fb01sm1472902ywe.117.2023.07.12.16.37.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:30 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:30 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()` Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Prevent an overflow when locating a pack's CRC offset when the number of packed items is greater than 2^32-1/hashsz by guarding the computation with an `st_mult()`. Signed-off-by: Taylor Blau Signed-off-by: Taylor Blau --- packfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packfile.c b/packfile.c index 89220f0e03..70acf1694b 100644 --- a/packfile.c +++ b/packfile.c @@ -186,7 +186,7 @@ int load_idx(const char *path, const unsigned int hashsz, void *idx_map, */ (sizeof(off_t) <= 4)) return error("pack too large for current definition of off_t in %s", path); - p->crc_offset = 8 + 4 * 256 + nr * hashsz; + p->crc_offset = st_add(8 + 4 * 256, st_mult(nr, hashsz)); } p->index_version = version; From patchwork Wed Jul 12 23:37:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 442F5C00528 for ; Wed, 12 Jul 2023 23:37:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232267AbjGLXhj (ORCPT ); Wed, 12 Jul 2023 19:37:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46550 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233099AbjGLXhf (ORCPT ); Wed, 12 Jul 2023 19:37:35 -0400 Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E4172173B for ; Wed, 12 Jul 2023 16:37:34 -0700 (PDT) Received: by mail-yb1-xb2f.google.com with SMTP id 3f1490d57ef6-bff89873d34so2839276.2 for ; Wed, 12 Jul 2023 16:37:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205054; x=1691797054; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=f7yYt3iF88/ToiMJeWwYRXgGWlAZOYP605Gzs2bR9aQ=; b=ubReKF2zHo1RXrDXHrB5Q1f1d+G5PajdKqnwoQXeMYuNFX/q8AP81ok5TT4/HIh1yO jZatLWK3xLI0g7t88PMkzMVXwvKMXZDa+gq/4BBoKIPtCms216+8gw51ap1FTjCHkJIY UyvE1rA9b9WZTMsvT3/i152oeBRpw8Q73zCFaquDMKsoFJgKF7VFXVZ62+p/2xMuIUY4 dcSMh3yCT33WDM+McHGi23MGN/WrEVv0FsVsh8pdLpHhMy5LPJ+jX3Xo2T/p5aGTPwwa FUl4T9pDn2lPiToa49HmLCrvcsVD4+OirDkpnuPxKlWhL+wDpZWg9EQBBjo9uOabHO1W SQ5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205054; x=1691797054; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=f7yYt3iF88/ToiMJeWwYRXgGWlAZOYP605Gzs2bR9aQ=; b=hxG0ObRJyLbXADVzp6tP3/CDsGzgcIrQW2Yaea747LoAdiPwztpD96u7IwvDybwkWo uZ9KZoB9g153pJcjITGd84qSYKsuhp4CBJMBBMYemh2BUV8u67n9rl+wwL/8FS8rdbYX YltM04IAFunvtEMXkxU4hCLTgT7/IEigN9Z61FybN3KVJNQuX9c+QkDI2Erk+BKrm/gm ou6o7zZ1Ap7MW98P6jTMiyunMT9CkEF4j4eYgAspZGPekQoHui4ST9SFVMotMSDcyHYv Mxr0buXvRo+5bhOEIxGADQphv6uJWK3U20OKykLS2gBa8KCzGnaRrM7jV9z6EKc29Gn9 dAbA== X-Gm-Message-State: ABy/qLaZlQ/Dv64Nbjh9fYPQtHVkADZTRdUNCRfVdCUW3GsACmny65nF Zhnxxjlara5Ip57nIwdSfOwdqgH3xbYXe2BxHIM26Q== X-Google-Smtp-Source: APBJJlF70za8sUymoNz7AfHmloMFT6Xw+VUkpJM6bYV3kv+WUQ7srD73V9gR4PsQJFvS3fFgGbLVgA== X-Received: by 2002:a0d:fbc5:0:b0:570:63d3:9685 with SMTP id l188-20020a0dfbc5000000b0057063d39685mr113802ywf.25.1689205053924; Wed, 12 Jul 2023 16:37:33 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id x66-20020a0dee45000000b005772646629csm1445817ywe.144.2023.07.12.16.37.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:33 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:32 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 03/20] packfile.c: use checked arithmetic in `nth_packed_object_offset()` Message-ID: <750d38cbeba42416d98895d6e0004d1ca6329ce5.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as the previous commits, ensure that we use `st_add()` or `st_mult()` when computing values that may overflow the 32-bit unsigned limit. Note that in each of these instances, we prevent 32-bit overflow already since we have explicit casts to `size_t`. So this code is OK as-is, but let's clarify it by using the `st_xyz()` helpers to make it obvious that we are performing the relevant computations using 64 bits. Signed-off-by: Taylor Blau --- packfile.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/packfile.c b/packfile.c index 70acf1694b..e8e01e348e 100644 --- a/packfile.c +++ b/packfile.c @@ -1948,14 +1948,15 @@ off_t nth_packed_object_offset(const struct packed_git *p, uint32_t n) const unsigned int hashsz = the_hash_algo->rawsz; index += 4 * 256; if (p->index_version == 1) { - return ntohl(*((uint32_t *)(index + (hashsz + 4) * (size_t)n))); + return ntohl(*((uint32_t *)(index + st_mult(hashsz + 4, n)))); } else { uint32_t off; - index += 8 + (size_t)p->num_objects * (hashsz + 4); - off = ntohl(*((uint32_t *)(index + 4 * n))); + index += st_add(8, st_mult(p->num_objects, hashsz + 4)); + off = ntohl(*((uint32_t *)(index + st_mult(4, n)))); if (!(off & 0x80000000)) return off; - index += (size_t)p->num_objects * 4 + (off & 0x7fffffff) * 8; + index += st_add(st_mult(p->num_objects, 4), + st_mult(off & 0x7fffffff, 8)); check_pack_index_ptr(p, index); return get_be64(index); } From patchwork Wed Jul 12 23:37:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311028 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E89AEEB64DA for ; Wed, 12 Jul 2023 23:38:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233271AbjGLXhs (ORCPT ); Wed, 12 Jul 2023 19:37:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232866AbjGLXhp (ORCPT ); Wed, 12 Jul 2023 19:37:45 -0400 Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com [IPv6:2607:f8b0:4864:20::112b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17BE51FCC for ; Wed, 12 Jul 2023 16:37:38 -0700 (PDT) Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-5701eaf0d04so82678767b3.2 for ; Wed, 12 Jul 2023 16:37:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205057; x=1691797057; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=SLU39YylH/x9Y3EwN3WYovqewoUwGi66uEa9KFJ1XUI=; b=JLVbEq2Sr8tdU7iW0m7KhjChVflpl+wwihtmVit4G6k6uQgt1Ji+ukI6GiJP7eGioD Ox2HJVwEyfhzP6wt936k2ZbLMyDRpfH5CsxH8avU73pV05He4c1stLCiZsZcK0AQLKHh 0ZVd/PNR4XzwqweoMoz9bue1uvyThom3uhiU+33Penm6/PqkZMpMColxMXPoNTutbdar SjhRiuPd2qda16zBzi7SHW1QaXAGcEmXzBGjZdHY2pFGy3LlbfZVbbaLelHb6VRx8o5W b8GWGgucpN3rrXLQPt2T4aiH2Z/YkD6yR2wsABxuTVnXv3/F0ISvHDnv1OY8v22XR3El M+xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205057; x=1691797057; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=SLU39YylH/x9Y3EwN3WYovqewoUwGi66uEa9KFJ1XUI=; b=OXaDLVgymgtzn3uGTora4x6oWVfg8XeB+qiH6VfvAQSqlhwMDSu3qg1AwaGGIfXT+j g5pHIIf8vJZnghfwuqjDzAGpDw/0tdQFuT/rLH23nJfJ0BsVDOgVgpicYwPhuJvTlGFg LirFfhTKB2Y44roUgtCWFbqsfJ5W5iQM2RUhYeGBYVUJp7XGeG7NgBy2yyS4wLDiIM7N mzLIV1AQyFfUMJ6i3HigVHZ6XmCwYVHmRrZphsBCDp+PYy6qzkof/4H3u2nkUbhVV2a0 F6lX1+bl//xjbhIkTntb4C30RAbt1fwxvpkHhArtDfxeikNVy2qxNhC+JEbNY9tgET3c ai8g== X-Gm-Message-State: ABy/qLZXfqp731skcuUwPM0n1uxHkqkGCh4hrfrC1ieQZaqhD/Nkyoay rhU9lximjW2oj3dn5jU3PDTI1NgNM+knc8f++JDnKA== X-Google-Smtp-Source: APBJJlEogbmcjXySwbFA3uPsAi6dqgJOFEJmMQCB7VGIBV2IwoXk0rtfaZ1DGzJL3T+9I0ejogE2Ow== X-Received: by 2002:a81:a191:0:b0:572:83de:a011 with SMTP id y139-20020a81a191000000b0057283dea011mr55957ywg.35.1689205057137; Wed, 12 Jul 2023 16:37:37 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id q127-20020a0de785000000b00545a081849esm1470250ywe.46.2023.07.12.16.37.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:36 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:36 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 04/20] midx.c: use `size_t`'s for fanout nr and alloc Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org The `midx_fanout` struct is used to keep track of a set of OIDs corresponding to each layer of the MIDX's fanout table. It stores an array of entries, along with the number of entries in the table, and the allocated size of the array. Both `nr` and `alloc` are stored as 32-bit unsigned integers. In practice, this should never cause any problems, since most packs have far fewer than 2^32-1 objects. But storing these as `size_t`'s is more appropriate, and prevents us from accidentally overflowing some result when multiplying or adding to either of these values. Update these struct members to be `size_t`'s as appropriate. Signed-off-by: Taylor Blau --- midx.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/midx.c b/midx.c index db459e448b..449c10289c 100644 --- a/midx.c +++ b/midx.c @@ -584,12 +584,14 @@ static void fill_pack_entry(uint32_t pack_int_id, struct midx_fanout { struct pack_midx_entry *entries; - uint32_t nr; - uint32_t alloc; + size_t nr, alloc; }; -static void midx_fanout_grow(struct midx_fanout *fanout, uint32_t nr) +static void midx_fanout_grow(struct midx_fanout *fanout, size_t nr) { + if (nr < fanout->nr) + BUG("negative growth in midx_fanout_grow() (%"PRIuMAX" < %"PRIuMAX")", + (uintmax_t)nr, (uintmax_t)fanout->nr); ALLOC_GROW(fanout->entries, nr, fanout->alloc); } From patchwork Wed Jul 12 23:37:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CDFBC0015E for ; Wed, 12 Jul 2023 23:38:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233339AbjGLXhv (ORCPT ); Wed, 12 Jul 2023 19:37:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231987AbjGLXhq (ORCPT ); Wed, 12 Jul 2023 19:37:46 -0400 Received: from mail-yw1-x1136.google.com (mail-yw1-x1136.google.com [IPv6:2607:f8b0:4864:20::1136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD6081FF7 for ; Wed, 12 Jul 2023 16:37:40 -0700 (PDT) Received: by mail-yw1-x1136.google.com with SMTP id 00721157ae682-57a6df91b1eso56842187b3.1 for ; Wed, 12 Jul 2023 16:37:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205059; x=1691797059; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=R+eKKd2Xv2yoPgePE2cYqk74E9Fbvjeb4VfHtVmi9KI=; b=gaBtKNqqfxM40R5X3N1hMWxZrMmXsH7EYIWmGfddQFZYKL/bL0sJSVVeE8bcwKmBeo LzlcyMZN2ZyKYZsegxuJw3RELH+bDpRYF8o9rlUIE6knGL7jKG5COgPpoUg3n48xAXRV rSTAMPR6zAITa/2HblenQPdYN4pGERs7xQ1mPv/7jg2IPRKb3VBpeabyWT97jHAMgWGV fIMy46towyU/vIFmMHG115VnNv1PXmyX4Zy4ZCwqPwXpWL3tAfgT0QzLrqDuEanvjsxV tL70wbreOyqsKAKmz1SJBC+KaAgAywh8aNQYyMGAA8oKJaTgoWT3ENL345Dvc+7p/y8s 9zSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205059; x=1691797059; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=R+eKKd2Xv2yoPgePE2cYqk74E9Fbvjeb4VfHtVmi9KI=; b=W9Y6d42xNmgxixLtI+/JauHqXmx4nExjAi76dKru+dAqiL8GYsxZCeziGTqBuRUUZt 7zYzkd+00z9O3riiXrEDDO6WSYerrZ7UyFI1To0FiWXx2GeLdxWqU7yiASOmc+xnP3AU 0lNoRZwsN+9TBjPne10tkwQF6+M94aSoAZKAT/z+OVg9Yzt1bO8d3NHjB+R0bxXP1e1+ 6e+Ncn86GnVyHWA+mIXR1lSCm8VGBh3VU8dkmNQyQkD6TKNVCpPCmyn8hAlvGrBqYE6i Wqi+C8Uauw4AxP/giHj3EtZATZ8WL9ucp5z0m9FH5vwj8TadfyF+05I58JvFgOxcROVF /jVA== X-Gm-Message-State: ABy/qLaryTaBC7gxFlXdZbV/9yF+eDzbX/tmWFiPoWwKEN9DfrhpXGTe K2I9/Mj9147zURva5UQvlWvDQ09erC1Qom7ezYCHUA== X-Google-Smtp-Source: APBJJlGioOHxAt8dNe17uyG9VYh1eMtKW9LJqnTTOnjMAPRziGVwgeMSk0ur38l+jxh/VVIJR05FtA== X-Received: by 2002:a81:7d86:0:b0:57a:5039:aa77 with SMTP id y128-20020a817d86000000b0057a5039aa77mr121039ywc.15.1689205059751; Wed, 12 Jul 2023 16:37:39 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id w18-20020a814912000000b0057a92cd7f95sm1442407ywa.100.2023.07.12.16.37.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:39 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:38 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 05/20] midx.c: prevent overflow in `nth_midxed_object_oid()` Message-ID: <1a60b79296c567da33cb8e7001ff21c484836989.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, avoid overflow when looking up an object's OID in a MIDX when its position is greater than `2^32-1/m->hash_len`. As usual, it is perfectly OK for a MIDX to have as many as 2^32-1 objects (since we use 32-bit fields to count the number of objects at each fanout layer). But if we have more than `2^32-1/m->hash_len` number of objects, we will incorrectly perform the computation using 32-bit integers, overflowing the result. Signed-off-by: Taylor Blau --- midx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/midx.c b/midx.c index 449c10289c..dbc63c0d42 100644 --- a/midx.c +++ b/midx.c @@ -254,7 +254,7 @@ struct object_id *nth_midxed_object_oid(struct object_id *oid, if (n >= m->num_objects) return NULL; - oidread(oid, m->chunk_oid_lookup + m->hash_len * n); + oidread(oid, m->chunk_oid_lookup + st_mult(m->hash_len, n)); return oid; } From patchwork Wed Jul 12 23:37:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311030 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5A16EB64DA for ; Wed, 12 Jul 2023 23:38:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232837AbjGLXiC (ORCPT ); Wed, 12 Jul 2023 19:38:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233002AbjGLXhr (ORCPT ); Wed, 12 Jul 2023 19:37:47 -0400 Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B0B0211E for ; Wed, 12 Jul 2023 16:37:43 -0700 (PDT) Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-57712d00cc1so88008267b3.3 for ; Wed, 12 Jul 2023 16:37:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205062; x=1691797062; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=+u1fSyA8Kfv4EfNOQdEkgrUkcm7F6h7cP/QnUxUMEgw=; b=G8Z7jsfRSb/Fgn9DCPHBmMyCg4IXyxyIhTPTO6WybnxLvqyzDH7LqU7a2y5FRcDnqZ A33BY8m7kcFYZRKScF4TZqgpVFRAMVy3gl6mC0sUOzLeZuTv3wnGMll19I9FvWjo1Z/9 iAqIv6GLGn3JCsljNjyk8iZzYNDyPFWvW6H/0cVrwQaPg9Lu2nMLz8lbzo0gm8pfXRpW VRs8dp9uU50//2LvhblA81p0i0mykkvNbKJHEJmcbtzUYjwLKkZXtpJ3QzDnX9a/O1Hl MqSC6m0H1JVKfD+zAOux3WfvkMCC+HdZgft6mByp2M3/gxeK/H7FcM36seEj7uQezTwo 5OSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205062; x=1691797062; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+u1fSyA8Kfv4EfNOQdEkgrUkcm7F6h7cP/QnUxUMEgw=; b=Gbu7e2vd+wYibzgoEKtYscKgJqAjC/dmrRAfZfgNjRzAxaDmvsYeNTfitYnVkiAfUZ /+QjsjmhqTGrovv/l5JqDizNk+F55r7oSjgWVqKajFGo5XAqWBZnNHct4Lp2u8qnw7+N bGuT4/KKUurJnEcNo8JML/X76M7TJqil2mVIKFqFp1RJPmIn5YPjFlZDa2KzcaiSADfl QzMR2/EBlUzgmrFUaAv81n8YAM7Waot2xMusLH9hXUIOPybNmJFWZfJoGbmrGCRyP4tv 0CJCG1kfwp2EphjOdQfAnToVBA1E+DfQ1ZUosmhuJaTzlBO7bCuz+pursf87jV2Dusgk 2pwQ== X-Gm-Message-State: ABy/qLZXiavtVkcxCQWtMMttVz25KQyxbLxZDVCQh/3dEIbTCLSsdwI1 m4guSM0Zyan8fxkPwluSUwiI4hXeyl6rOYDfmK8//w== X-Google-Smtp-Source: APBJJlEiJ1F26t8x/gOzCzFdHUQ3UEfZXkC36WPDylmq/KVnhiSm7gNraaqxHqMeac10VsjzFla0UA== X-Received: by 2002:a81:71c1:0:b0:57a:6df7:5ccd with SMTP id m184-20020a8171c1000000b0057a6df75ccdmr136020ywc.13.1689205062421; Wed, 12 Jul 2023 16:37:42 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id p187-20020a0de6c4000000b00577335ea38csm1450982ywe.121.2023.07.12.16.37.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:42 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:41 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 06/20] midx.c: prevent overflow in `nth_midxed_offset()` Message-ID: <7973822d87d571d472be336a3e102ce2b3c85fc2.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous patches, avoid an overflow when looking up object offsets in the MIDX's large offset table by guarding the computation via `st_mult()`. This instance is also OK as-is, since the left operand is the result of `sizeof(...)`, which is already a `size_t`. But use `st_mult()` instead here to make it explicit that this computation is to be performed using 64-bit unsigned integers. Signed-off-by: Taylor Blau --- midx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/midx.c b/midx.c index dbc63c0d42..a5a4ff4398 100644 --- a/midx.c +++ b/midx.c @@ -271,7 +271,8 @@ off_t nth_midxed_offset(struct multi_pack_index *m, uint32_t pos) die(_("multi-pack-index stores a 64-bit offset, but off_t is too small")); offset32 ^= MIDX_LARGE_OFFSET_NEEDED; - return get_be64(m->chunk_large_offsets + sizeof(uint64_t) * offset32); + return get_be64(m->chunk_large_offsets + + st_mult(sizeof(uint64_t), offset32)); } return offset32; From patchwork Wed Jul 12 23:37:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311055 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61231EB64DA for ; Wed, 12 Jul 2023 23:43:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233365AbjGLXnJ (ORCPT ); Wed, 12 Jul 2023 19:43:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46834 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233105AbjGLXht (ORCPT ); Wed, 12 Jul 2023 19:37:49 -0400 Received: from mail-yw1-x1134.google.com (mail-yw1-x1134.google.com [IPv6:2607:f8b0:4864:20::1134]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1C97019B4 for ; Wed, 12 Jul 2023 16:37:46 -0700 (PDT) Received: by mail-yw1-x1134.google.com with SMTP id 00721157ae682-5703cb4bcb4so79805057b3.3 for ; Wed, 12 Jul 2023 16:37:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205065; x=1691797065; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=bwz1RJ91Ih3YI/nVdUt0UyRdOarlVnHTssLh60EBeNM=; b=CaxwZLFckgqIIuS4LdLRanCJd6G1V23R8oJC4zKeANdeXvFt9vdPWREyR5cK+km8AX YSIW72+xBBGrWNjy7GToO/Is4svcjcKa6OU6oxx2yXJ9HywHEI+U+G5NgeeQoOMjyCd6 xlRhXoozqi4JkghvYuPGpfRDze9IS/vjMlaQtVCAIDAm5Kz9yCCXIsGQ2nlZKhaZNwgg KaPY+7UDlM0W1Yce+jw6UgXUqk/Z5Kyqx1KDHDBtT36Rf8LNYXNdENvoqwsnoi7EJi/t wZDm6A0IrNCI7xyaGsYGDQAA5fD9ZOwx2WaFjJaO5z8DIm65pr6jDqiViYQjKjO7xAbq cCEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205065; x=1691797065; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bwz1RJ91Ih3YI/nVdUt0UyRdOarlVnHTssLh60EBeNM=; b=S3SgmRuiQCmImw2BsoMYl4Btd1WzvK4jg8ND/ly2mME2Jfwb6/lAkG0uQrrmXSCuF6 gwA0eXIEQhNfCqkseSS9F007Ga423NemsCTpN3icM0eENdJc8rI7lbckcSX8pyqwTFpX pClvxJZn+2XPZHoLTYRnpWlWjVFzlfrsYxlHzLVC4lbEmnClvPT8vdk++xBIG3mg/q8W fipVbBQVMRFgXuvaWb3OD679W5SU+7ZDtaHHGbdlSeaOpDGeDOvH4zwQdtn6pHS/Iy1h h3yyIwRCiOXkC9izcFAniP8CRclYDKZ6x8nmP3oi8v/xVn5UJ442nFPFCrH6nrYxrF2d 5+Ng== X-Gm-Message-State: ABy/qLZIGWFxdMIGJ33LxnPvNgd6cXDKAgaShZ46h4foTpMjP74bw/tM YO/29pLjYVuRfiKTgtEUgvkOKtaf+eBHvhXAPT9Vtg== X-Google-Smtp-Source: APBJJlGAzaGBMEDEBiA7OKjCw4AFkKuZuWq9mWWgWD/TdYR4ihvQDBe9g12ZhclYSQmS5Y8uZ8frAw== X-Received: by 2002:a81:67c2:0:b0:56d:502:43d4 with SMTP id b185-20020a8167c2000000b0056d050243d4mr139380ywc.11.1689205065050; Wed, 12 Jul 2023 16:37:45 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id u63-20020a816042000000b005706c3e5dfcsm1461869ywb.48.2023.07.12.16.37.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:44 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:44 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s Message-ID: <4067ff3f1b422734b79591268644a38f053d2f54.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the `write_midx_context` structure, we use two `uint32_t`'s to track the length and allocated size of the packs, and one `uint32_t` to track the number of objects in the MIDX. In practice, having these be 32-bit unsigned values shouldn't cause any problems since we are unlikely to have that many objects or packs in any real-world repository. But these values should be `size_t`'s, so change their type to reflect that. Signed-off-by: Taylor Blau --- midx.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/midx.c b/midx.c index a5a4ff4398..b176745df1 100644 --- a/midx.c +++ b/midx.c @@ -446,14 +446,14 @@ static int idx_or_pack_name_cmp(const void *_va, const void *_vb) struct write_midx_context { struct pack_info *info; - uint32_t nr; - uint32_t alloc; + size_t nr; + size_t alloc; struct multi_pack_index *m; struct progress *progress; unsigned pack_paths_checked; struct pack_midx_entry *entries; - uint32_t entries_nr; + size_t entries_nr; uint32_t *pack_perm; uint32_t *pack_order; @@ -671,17 +671,18 @@ static void midx_fanout_add_pack_fanout(struct midx_fanout *fanout, static struct pack_midx_entry *get_sorted_entries(struct multi_pack_index *m, struct pack_info *info, uint32_t nr_packs, - uint32_t *nr_objects, + size_t *nr_objects, int preferred_pack) { uint32_t cur_fanout, cur_pack, cur_object; - uint32_t alloc_objects, total_objects = 0; + size_t alloc_objects, total_objects = 0; struct midx_fanout fanout = { 0 }; struct pack_midx_entry *deduplicated_entries = NULL; uint32_t start_pack = m ? m->num_packs : 0; for (cur_pack = start_pack; cur_pack < nr_packs; cur_pack++) - total_objects += info[cur_pack].p->num_objects; + total_objects = st_add(total_objects, + info[cur_pack].p->num_objects); /* * As we de-duplicate by fanout value, we expect the fanout @@ -724,7 +725,8 @@ static struct pack_midx_entry *get_sorted_entries(struct multi_pack_index *m, &fanout.entries[cur_object].oid)) continue; - ALLOC_GROW(deduplicated_entries, *nr_objects + 1, alloc_objects); + ALLOC_GROW(deduplicated_entries, st_add(*nr_objects, 1), + alloc_objects); memcpy(&deduplicated_entries[*nr_objects], &fanout.entries[cur_object], sizeof(struct pack_midx_entry)); From patchwork Wed Jul 12 23:37:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311031 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7692EB64DD for ; Wed, 12 Jul 2023 23:38:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233013AbjGLXiE (ORCPT ); Wed, 12 Jul 2023 19:38:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233332AbjGLXhu (ORCPT ); Wed, 12 Jul 2023 19:37:50 -0400 Received: from mail-yw1-x1136.google.com (mail-yw1-x1136.google.com [IPv6:2607:f8b0:4864:20::1136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6FA11FF0 for ; Wed, 12 Jul 2023 16:37:48 -0700 (PDT) Received: by mail-yw1-x1136.google.com with SMTP id 00721157ae682-579de633419so81735117b3.3 for ; Wed, 12 Jul 2023 16:37:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205068; x=1691797068; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=nzLc63qihmr54itTZhOj4+LHeXKDpE9PTqcI9TATag0=; b=1FwGLZiJalk9mHHbTeDrf4qZtHQVX8YxqTYyHaoj+XsfNfp0UDuiwq8k2jg5XvN08t 6vmmQvfOX01BHLOni/njw76N1TWiIBDqc/QCtx0gD6cyBSnRJ8LJ+ZlGGnYdhWft6UWk c/yKdkPxojbJgVTaiaZ/JK3JxFjBEjbwl0ZfuCAhciqO0z3jpx90ZmfK9d/AtM59KK7K f6pntrKr4UhTDJHE+aac7vpBbIjaUd8gUox+S1ncjy6f2MB+paaeFjKKq4mj+cvHohRV Ka9hwE7eJUydUCZtDnw3yaVsEq0GgNdOo3myG/5o7NYWrKTtUmiVfc1A716GUawkasR1 PJBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205068; x=1691797068; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=nzLc63qihmr54itTZhOj4+LHeXKDpE9PTqcI9TATag0=; b=R8Ld8SNYfBMrApCFPjrLcT0EThNfOkk6wa7J2pbVGFvm2bbCsamGdtn9v2XAk+UgqG TWq++En5elx3rmwUxHiytVbPoVSIUiY0u03TcrQjDPPxQ6K8FF3o+TcTRfU938LpxTsI jkBlMLIGI9n4Wiq33FKLcHN8BD+hkhbK9CpeUreNyw1KQGfTApFNFKBpTU3mfkd1Xeu+ fqu9JcPBAb+DgkPH425YiHImn2FXdpFVx/PFv7Wb2AwwRruyf+vh6KVTBfSuuPfLOb4H TAH9ZZlnGPTfmriQ4TJsK3yymY8yZNA0+iU0hFQLNKU9a0zeUY7J8E/BRWUBAbJrx/UH pm3A== X-Gm-Message-State: ABy/qLYuvuILwtPhXImC6z4LoBTdU6AGxvYKVvJixBeOZM59DoRADAcB F5SlNEhr57DrruL5rIbj8QB7c1ER0ecVWmC4SDsCpA== X-Google-Smtp-Source: APBJJlFh9kMd1fzY9yvbFDXzPr4PVJkRRproQgRNqT1MBQquMF4Uv4bucrEphiHqOQ0vZ1DElcgRyg== X-Received: by 2002:a81:6704:0:b0:57a:8de6:86b1 with SMTP id b4-20020a816704000000b0057a8de686b1mr91330ywc.31.1689205067757; Wed, 12 Jul 2023 16:37:47 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id o8-20020a0dcc08000000b0054c0f3fd3ddsm1483859ywd.30.2023.07.12.16.37.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:47 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:46 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 08/20] midx.c: prevent overflow in `write_midx_internal()` Message-ID: <09bd84700bd1904cd5340d5c4dbf7bd84ae1922d.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org When writing a MIDX, we use the chunk-format API to write out each individual chunk of the MIDX. Each chunk of the MIDX is tracked via a call to `add_chunk()`, along with the expected size of that chunk. Guard against overflow when dealing with a MIDX with a large number of entries (and consequently, large chunks within the MIDX file itself) to avoid corrupting the contents of the MIDX itself. Signed-off-by: Taylor Blau --- midx.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/midx.c b/midx.c index b176745df1..57c53dbd4a 100644 --- a/midx.c +++ b/midx.c @@ -1501,21 +1501,22 @@ static int write_midx_internal(const char *object_dir, add_chunk(cf, MIDX_CHUNKID_OIDFANOUT, MIDX_CHUNK_FANOUT_SIZE, write_midx_oid_fanout); add_chunk(cf, MIDX_CHUNKID_OIDLOOKUP, - (size_t)ctx.entries_nr * the_hash_algo->rawsz, + st_mult(ctx.entries_nr, the_hash_algo->rawsz), write_midx_oid_lookup); add_chunk(cf, MIDX_CHUNKID_OBJECTOFFSETS, - (size_t)ctx.entries_nr * MIDX_CHUNK_OFFSET_WIDTH, + st_mult(ctx.entries_nr, MIDX_CHUNK_OFFSET_WIDTH), write_midx_object_offsets); if (ctx.large_offsets_needed) add_chunk(cf, MIDX_CHUNKID_LARGEOFFSETS, - (size_t)ctx.num_large_offsets * MIDX_CHUNK_LARGE_OFFSET_WIDTH, + st_mult(ctx.num_large_offsets, + MIDX_CHUNK_LARGE_OFFSET_WIDTH), write_midx_large_offsets); if (flags & (MIDX_WRITE_REV_INDEX | MIDX_WRITE_BITMAP)) { ctx.pack_order = midx_pack_order(&ctx); add_chunk(cf, MIDX_CHUNKID_REVINDEX, - ctx.entries_nr * sizeof(uint32_t), + st_mult(ctx.entries_nr, sizeof(uint32_t)), write_midx_revindex); } From patchwork Wed Jul 12 23:37:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311033 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8E10EB64DA for ; Wed, 12 Jul 2023 23:38:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229847AbjGLXiG (ORCPT ); Wed, 12 Jul 2023 19:38:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233379AbjGLXhz (ORCPT ); Wed, 12 Jul 2023 19:37:55 -0400 Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94DCE2113 for ; Wed, 12 Jul 2023 16:37:51 -0700 (PDT) Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-5704fce0f23so86449487b3.3 for ; Wed, 12 Jul 2023 16:37:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205070; x=1691797070; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=K45ZX/XKjpaBddWI/twC9FLpzPLFI9xWeSKIQfsT/3g=; b=w6qbmy6E4a/BZf/IO6GTenNOTeMKnLvy3P3K7y+lAXwF1taPBH6WH53Vf5ZfRcabyA TPs4upIIJLO3LGBb7/IxpV3YDIxUy5nUn+aHRnP7NN4WtZQIiXG6LxdpOg+EWfEdGAtF JVNzV2do/JxzGST4gczo70fD6dw1cLp1VaFr1NstyxEwNw6OdUdLSQW8iDPlo3S0HC6S 4hWYeVErXQ+JlrT/2UbG+IMy0hcCSZonyxVjubI7SZDJW1FWJe8JBEB8HLSqZYrOC5cF l9Bh/wMdMcQRMxPOqINFPYVi5itqG7/hZHnnv4fGddnBIBSVnERehmISvg8Mq3sf7kLo 5yHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205070; x=1691797070; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=K45ZX/XKjpaBddWI/twC9FLpzPLFI9xWeSKIQfsT/3g=; b=Y5oDsKgAVdjQwaiP7Rm8bIOYj3yxm5PLrePtFeURX9+KdMKekgLSM2MQSAWkdieqiR o4H+SjT4RQ9Hts0HeK+c8BA+jMQU1A0VP2jGpYvuf7yZkSgORsXfIR/NoZ03f+3Z58bN 4sHlUNJLA/UPSBkPpeaAaYB7uAI+kEx71L1QWwhFKvRXFavPmsVDbO2OSaT7vFArFqCN wv92lAkTlHAd81Gjh78Tx+ILdF/tKg9oX2DmTmtqxQ9mPGmKc8GBdYzwo4HERCBZHiVb zIxHMDZcFQ3fhJJ18mvjHvaT7WPHxwRSjYS87eWbFwlJpnkkY/9X6MuWTuLsVEOgl8l2 vajQ== X-Gm-Message-State: ABy/qLYV2JHV3CEbdE06+eJbraIsXNz7PSB0XGhKRNRo/NkO2V6HzFEF KqhdoPGiE92S9Bk39nOmAS2nxOX1Gu92TnF9zYX10A== X-Google-Smtp-Source: APBJJlEmAz4RA61uKCY/olFZWhwSw8MA053Lwrw66T2bue4RAs3eoz/BN/4D7oRvo1ygudnywuV3rw== X-Received: by 2002:a81:6c55:0:b0:57a:8ecb:11ad with SMTP id h82-20020a816c55000000b0057a8ecb11admr80303ywc.43.1689205070611; Wed, 12 Jul 2023 16:37:50 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id v145-20020a814897000000b0057a8de72338sm1443038ywa.68.2023.07.12.16.37.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:50 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:49 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 09/20] midx.c: prevent overflow in `fill_included_packs_batch()` Message-ID: <80c79f6fea2fdafb00e6c2866ae1756c1956d16e.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as in previous commits, avoid an integer overflow when computing the expected size of a MIDX. (Note that this is also OK as-is, since `p->pack_size` is an `off_t`, so this computation should already be done as 64-bit integers. But again, let's use `st_mult()` to make this fact clear). Signed-off-by: Taylor Blau --- midx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/midx.c b/midx.c index 57c53dbd4a..a5e4094340 100644 --- a/midx.c +++ b/midx.c @@ -1994,8 +1994,8 @@ static int fill_included_packs_batch(struct repository *r, if (open_pack_index(p) || !p->num_objects) continue; - expected_size = (size_t)(p->pack_size - * pack_info[i].referenced_objects); + expected_size = st_mult(p->pack_size, + pack_info[i].referenced_objects); expected_size /= p->num_objects; if (expected_size >= batch_size) From patchwork Wed Jul 12 23:37:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311032 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4954EB64DD for ; Wed, 12 Jul 2023 23:38:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233002AbjGLXiI (ORCPT ); Wed, 12 Jul 2023 19:38:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46840 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233391AbjGLXh5 (ORCPT ); Wed, 12 Jul 2023 19:37:57 -0400 Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B858211C for ; Wed, 12 Jul 2023 16:37:54 -0700 (PDT) Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-579efc32377so81928137b3.1 for ; Wed, 12 Jul 2023 16:37:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205073; x=1691797073; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=4YUlZoHQI+N0Wp5Inpg3wT76vKxb7CvRII98frxzjeE=; b=U5/hGMRplLiv4cWlSDbWqoQ4vrarUZmtXootDrQJVl9iAMwpOdxGLt293qwDnW9bAR Vo46ozeYIeJ4cC0WuviOrU/uy5qPREscXuk0hITGcbiR7wtATQomVfTl3iSJEjBCKj2t q6g3vJW4XnpDeiWwrnfvoJFjLShqt559yYdednrb+gwEaNMp/u8v2lnwYSB2prN4E0Z7 dBxeCunSooLOKFwvJvXDB1sugz8E0xu0K7Eukk8Lrn5+iGZCE4Ts9+s2xEXhmttGiZHn YP+lZ1eV1O0cwHe/1/j0uksu/fhDC9yWKcTPQxARiZxc29/62b80De4/ia75HZi+jF2O KUXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205073; x=1691797073; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=4YUlZoHQI+N0Wp5Inpg3wT76vKxb7CvRII98frxzjeE=; b=b1sYj7aKqYSodtZK8t4/g3S2Nuy+t2/R1HzfSdDFcWP5guK31hQALoQMCQ6lpxcFty pKRz8Kk0TeFSzX/y3izS9E9tbs2eUbsmF4D3EX2Sdy8fS5d05oT4vvm73NGBK0i/5IcA NssonA3oI5dMfKjZjkRJwj2NEYyusRPmbd0hpzksOU2ML+u919V8U7Of0uIiRfX9oGP5 A9H62P4eiVZsGMlMAAbpeQ5rKSP1THXoAUl8EJX6VL3qaRmjiglToKUDvOkvDYWpRIYv xBM1bm7kNRMLq88jfRI5lREUaJisO1AqCi9W1GtWYsZOEsIGNp99gJ0zUjqr7nKwMntw LAIg== X-Gm-Message-State: ABy/qLYnSyHN1W/OL2IsMXJiKYl3zr4ZGdUBbHarth1ZIFxaNLbxJuKp UeqeGXbUzm1hqbzTyOn9YHa54/Hxq7etWGFAN0FPoA== X-Google-Smtp-Source: APBJJlFvBXczxwLN2hPGo5W8DqOHjJ7cbJMcMTc/eL2gYLiBCYakFljjxtTe6GLo1nvzFokHzD84Zg== X-Received: by 2002:a81:8645:0:b0:576:8fcd:270f with SMTP id w66-20020a818645000000b005768fcd270fmr128168ywf.19.1689205073283; Wed, 12 Jul 2023 16:37:53 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id n7-20020a819c47000000b00568b941e5e3sm1445057ywa.72.2023.07.12.16.37.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:53 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:52 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 10/20] pack-bitmap.c: ensure that eindex lookups don't overflow Message-ID: <822cb19da4e7dac5b1d4d4c7e115d7e4bcb7c976.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org When a bitmap is used to answer some reachability query, it creates a pseudo-bitmap called the "extended index" on top of any existing bitmaps to store objects that are relevant to the query, but not mentioned in the bitmap. When looking up the ith object in the extended index in a bitmap, it is common to write something like: bitmap_get(result, i + bitmap_num_objects(bitmap_git)) , indicating that we want the ith object following all other objects mentioned in the bitmap_git. Since the type of `i` and the return type of `bitmap_num_objects()` are both `uint32_t`s, But if there are either a large number of objects in the bitmap, or a large number of objects in the extended index (or both), this addition can overflow when the sum is greater than 2^32-1. Having that large of a bitmap position is entirely acceptable, but we need to ensure that the computed bitmap position for that object is performed using 64-bits and doesn't overflow. Signed-off-by: Taylor Blau --- pack-bitmap.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pack-bitmap.c b/pack-bitmap.c index 7367f62bb6..7ddb465c20 100644 --- a/pack-bitmap.c +++ b/pack-bitmap.c @@ -1294,7 +1294,7 @@ static void show_extended_objects(struct bitmap_index *bitmap_git, for (i = 0; i < eindex->count; ++i) { struct object *obj; - if (!bitmap_get(objects, bitmap_num_objects(bitmap_git) + i)) + if (!bitmap_get(objects, st_add(bitmap_num_objects(bitmap_git), i))) continue; obj = eindex->objects[i]; @@ -1473,7 +1473,7 @@ static void filter_bitmap_exclude_type(struct bitmap_index *bitmap_git, * them individually. */ for (i = 0; i < eindex->count; i++) { - uint32_t pos = i + bitmap_num_objects(bitmap_git); + size_t pos = st_add(i, bitmap_num_objects(bitmap_git)); if (eindex->objects[i]->type == type && bitmap_get(to_filter, pos) && !bitmap_get(tips, pos)) @@ -1564,7 +1564,7 @@ static void filter_bitmap_blob_limit(struct bitmap_index *bitmap_git, } for (i = 0; i < eindex->count; i++) { - uint32_t pos = i + bitmap_num_objects(bitmap_git); + size_t pos = st_add(i, bitmap_num_objects(bitmap_git)); if (eindex->objects[i]->type == OBJ_BLOB && bitmap_get(to_filter, pos) && !bitmap_get(tips, pos) && @@ -2038,7 +2038,8 @@ static uint32_t count_object_type(struct bitmap_index *bitmap_git, for (i = 0; i < eindex->count; ++i) { if (eindex->objects[i]->type == type && - bitmap_get(objects, bitmap_num_objects(bitmap_git) + i)) + bitmap_get(objects, + st_add(bitmap_num_objects(bitmap_git), i))) count++; } @@ -2452,7 +2453,8 @@ static off_t get_disk_usage_for_extended(struct bitmap_index *bitmap_git) for (i = 0; i < eindex->count; i++) { struct object *obj = eindex->objects[i]; - if (!bitmap_get(result, bitmap_num_objects(bitmap_git) + i)) + if (!bitmap_get(result, + st_add(bitmap_num_objects(bitmap_git), i))) continue; if (oid_object_info_extended(the_repository, &obj->oid, &oi, 0) < 0) From patchwork Wed Jul 12 23:37:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E705C0015E for ; Wed, 12 Jul 2023 23:38:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233243AbjGLXiK (ORCPT ); Wed, 12 Jul 2023 19:38:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233423AbjGLXiA (ORCPT ); Wed, 12 Jul 2023 19:38:00 -0400 Received: from mail-yw1-x112c.google.com (mail-yw1-x112c.google.com [IPv6:2607:f8b0:4864:20::112c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E42B9173B for ; Wed, 12 Jul 2023 16:37:56 -0700 (PDT) Received: by mail-yw1-x112c.google.com with SMTP id 00721157ae682-576a9507a9bso20241797b3.1 for ; Wed, 12 Jul 2023 16:37:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205076; x=1691797076; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=XQw6P6gSvELa1/+kANjPKHLJEckVwwMT5jiBPmjT8PE=; b=LBBZBznfjWQTrwxF/xeHvZkF9jZ75IZxS8sBe+6BLtI8YOChPQ2Q7/gHvTZY7rJLQ4 yYjlZoY1r7W5DpA06sV2RXExoRwz7JzDKJMCbDkkiEz0Df7Gz60emsc0EJvDQpvLxNsy fKimQeRhi3oyaVc7vtrWDkB/3Bmkya/mCWX6bbaWHcTcDNpNhaN6Q9d0avFLo/ZFi9Ux P1BLSeDMPDzNHJamiXsR62XRjpJo/p/amS/vSchO8KbpuDJuCg68C3lP2MI5bqjwNLet 2T2/0oc2WzwBLvIozJ+Kkv1NDA9GLCR9ctpdkRIAb0fDCvYbGCF+/lP2Cp6k4XNdkCxM PRjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205076; x=1691797076; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=XQw6P6gSvELa1/+kANjPKHLJEckVwwMT5jiBPmjT8PE=; b=fg35c96Eh8p2B7OW08t/SBNatmNyij3HLZV9r50G34PLid78Dk+pDbgU0MjAaxQKY1 mJkzTLoFMo1SWo5X+oXyfWV8lved6L0CCnht/emeWzL+OuyT8m7meKCviR96MZaoo6vL UQU/06pirSJalxuiinFp97TSPTwy0ig3KT7HybR48dHSeT4JGQTpWnIUJiCT0bIYNrRV +h4AXFcbcXMXn6Z9SAR5sMHlak74DXxU3c6D45sCPQ8Hk5CRe++E90xF7gOZVyoEiouy 14LUxXgl4a78obmgosNXG89xntzSU8cKQqi2R2pEVB0sMsnh8FhkPLw9CUjPQlU1D7Hk G87Q== X-Gm-Message-State: ABy/qLY34rM70lPe9dOwgFWgNYhrMJUgwQuHycsJ0lawLu2FROwJwDLU /qPA99mH+qI0tAiBAc7Fhmqwck1xmQCnZtnQ7F32NQ== X-Google-Smtp-Source: APBJJlH6l+bW8F65n8kbxvA2486mnst9tpl2cv4fvvCQXlPKqX/nKMUN0CJEH4epID3VzY+DS+cvJw== X-Received: by 2002:a0d:e6c6:0:b0:57a:8ba5:224b with SMTP id p189-20020a0de6c6000000b0057a8ba5224bmr4076732ywe.9.1689205076001; Wed, 12 Jul 2023 16:37:56 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id q63-20020a817542000000b0057a68b6c2f4sm1463873ywc.133.2023.07.12.16.37.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:55 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:54 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 11/20] commit-graph.c: prevent overflow in `write_commit_graph_file()` Message-ID: <66e57bf359dad6c83e103f2b6ffa51d82f604d8d.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org When writing a commit-graph, we use the chunk-format API to write out each individual chunk of the commit-graph. Each chunk of the commit-graph is tracked via a call to `add_chunk()`, along with the expected size of that chunk. Similar to an earlier commit which handled the identical issue in the MIDX machinery, guard against overflow when dealing with a commit-graph with a large number of entries to avoid corrupting the contents of the commit-graph itself. Signed-off-by: Taylor Blau --- commit-graph.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index f70afccada..538f96b27a 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -1952,35 +1952,35 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) add_chunk(cf, GRAPH_CHUNKID_OIDFANOUT, GRAPH_FANOUT_SIZE, write_graph_chunk_fanout); - add_chunk(cf, GRAPH_CHUNKID_OIDLOOKUP, hashsz * ctx->commits.nr, + add_chunk(cf, GRAPH_CHUNKID_OIDLOOKUP, st_mult(hashsz, ctx->commits.nr), write_graph_chunk_oids); - add_chunk(cf, GRAPH_CHUNKID_DATA, (hashsz + 16) * ctx->commits.nr, + add_chunk(cf, GRAPH_CHUNKID_DATA, st_mult(hashsz + 16, ctx->commits.nr), write_graph_chunk_data); if (ctx->write_generation_data) add_chunk(cf, GRAPH_CHUNKID_GENERATION_DATA, - sizeof(uint32_t) * ctx->commits.nr, + st_mult(sizeof(uint32_t), ctx->commits.nr), write_graph_chunk_generation_data); if (ctx->num_generation_data_overflows) add_chunk(cf, GRAPH_CHUNKID_GENERATION_DATA_OVERFLOW, - sizeof(timestamp_t) * ctx->num_generation_data_overflows, + st_mult(sizeof(timestamp_t), ctx->num_generation_data_overflows), write_graph_chunk_generation_data_overflow); if (ctx->num_extra_edges) add_chunk(cf, GRAPH_CHUNKID_EXTRAEDGES, - 4 * ctx->num_extra_edges, + st_mult(4, ctx->num_extra_edges), write_graph_chunk_extra_edges); if (ctx->changed_paths) { add_chunk(cf, GRAPH_CHUNKID_BLOOMINDEXES, - sizeof(uint32_t) * ctx->commits.nr, + st_mult(sizeof(uint32_t), ctx->commits.nr), write_graph_chunk_bloom_indexes); add_chunk(cf, GRAPH_CHUNKID_BLOOMDATA, - sizeof(uint32_t) * 3 - + ctx->total_bloom_filter_data_size, + st_add(sizeof(uint32_t) * 3, + ctx->total_bloom_filter_data_size), write_graph_chunk_bloom_data); } if (ctx->num_commit_graphs_after > 1) add_chunk(cf, GRAPH_CHUNKID_BASE, - hashsz * (ctx->num_commit_graphs_after - 1), + st_mult(hashsz, ctx->num_commit_graphs_after - 1), write_graph_chunk_base); hashwrite_be32(f, GRAPH_SIGNATURE); @@ -1998,7 +1998,7 @@ static int write_commit_graph_file(struct write_commit_graph_context *ctx) get_num_chunks(cf)); ctx->progress = start_delayed_progress( progress_title.buf, - get_num_chunks(cf) * ctx->commits.nr); + st_mult(get_num_chunks(cf), ctx->commits.nr)); } write_chunkfile(cf, ctx); From patchwork Wed Jul 12 23:37:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311034 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9033EB64DD for ; Wed, 12 Jul 2023 23:38:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232369AbjGLXiL (ORCPT ); Wed, 12 Jul 2023 19:38:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232659AbjGLXiC (ORCPT ); Wed, 12 Jul 2023 19:38:02 -0400 Received: from mail-yw1-x112f.google.com (mail-yw1-x112f.google.com [IPv6:2607:f8b0:4864:20::112f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A354B1FDE for ; Wed, 12 Jul 2023 16:37:59 -0700 (PDT) Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-577497ec6c6so80066247b3.2 for ; Wed, 12 Jul 2023 16:37:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205079; x=1691797079; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=ugsJbil9q+eRrCIb0dS2LW2SDHdbbHmbbduiUJNFGIM=; b=I2C/PrGD36bdsOAwwl4x3OgYdrR2ZYJ/osR+UP8mVrK7OfpXh/ojBD/4XDFmrICPdB dT9KJr1M5G6ZUaEQIqROD9LSxG82RAJ7bo5oLGpOrbCt/4WkTDbKCoZdG/YB7wuLgWL3 J+GmPjhyNaWCcucFlhovrhcHfeRizvYkmMr++aJ27wHcBuarSR8zd1PU/7n+6Vx0oqRn 5EXlVb2miFW0H8TdKV8xx60IhgXHbZqv582fNpGZawkOy+bxqlNEAgZsyv53xee78UfU I8uFh6tab7w85no42uPakf6cv422KZh8rB6PYYsUr4Qlw1ux6MXYH00+Ps+GcwRq1/ql xi5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205079; x=1691797079; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ugsJbil9q+eRrCIb0dS2LW2SDHdbbHmbbduiUJNFGIM=; b=JtrXit/HfAR+1GFOzwTXnWqSqd5aJuCSvp90QQe0/v2hA+zoPaED5HhyTQ1TrBIE12 g/LXG5ATmGMjnnSZnvUhaCm52cqe1ENelax8eDsLCCsExEZ1R49h8ZV0fmbl19LRNoWL Px9tvQE2KT8/S7UUodUYrzG4jp/rmB5vlQZtWSkK/dR02//Km+njefUR82eS/TT68fiL 2x9BzQn6RyQMHB8Fg/Sib/kFMLkQMluLPeE8nIsfA5oNfFj+tAhS3+XFkoRMNPcqmM4P 7V4zjEvZ6K0z8vVR2305Nx+wXmA2WzPTkUh1XbTAduCrv7TDG013VCgreDLDKOXCPLc8 YXCA== X-Gm-Message-State: ABy/qLYel8/BsAQbRSEg9Yjj6l4XJVFip5ce3tC05FyQO9joXHkx60N0 zNu/IL6hKsI04G76emibkAOXHyMuUbJQeAbHCxKJAg== X-Google-Smtp-Source: APBJJlFzBRYTlce7Em+x/xt3GijwTGVOszNgbPDqmMj+Qf9HyOEWcUY/VUvy1o0BmSS9R+IydiWr8g== X-Received: by 2002:a0d:cc0c:0:b0:577:630d:ef63 with SMTP id o12-20020a0dcc0c000000b00577630def63mr96217ywd.24.1689205078621; Wed, 12 Jul 2023 16:37:58 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id f65-20020a0dc344000000b00565271801b6sm1464767ywd.59.2023.07.12.16.37.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:37:58 -0700 (PDT) Date: Wed, 12 Jul 2023 19:37:57 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 12/20] commit-graph.c: prevent overflow in add_graph_to_chain() Message-ID: <34edcef888f0cdb25cb88d1d736e99e338317573.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org The commit-graph uses a fanout table with 4-byte entries to store the number of commits at each shard of the commit-graph. So it is OK to have a commit graph with as many as 2^32-1 stored commits. But we risk overflowing any computation which may exceed the 32-bit (unsigned) maximum when those computations are (incorrectly) performed using 32-bit operands. There are a couple of spots in `add_graph_to_chain()` where we could potentially overflow the result: - First, when comparing the list of existing entries in the commit-graph chain. It is unlikely that this should ever overflow, since it would require having roughly 2^32-1/g->hash_len commit-graphs in the chain. But let's guard that computation with a `st_mult()` just to be safe. - Second, when computing the number of commits in the graph added to the front of the chain. This value is also a 32-bit unsigned, but we should make sure that it does not grow beyond the maximum value. Signed-off-by: Taylor Blau --- commit-graph.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index 538f96b27a..99af73e40a 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -481,7 +481,7 @@ static int add_graph_to_chain(struct commit_graph *g, if (!cur_g || !oideq(&oids[n], &cur_g->oid) || - !hasheq(oids[n].hash, g->chunk_base_graphs + g->hash_len * n)) { + !hasheq(oids[n].hash, g->chunk_base_graphs + st_mult(g->hash_len, n))) { warning(_("commit-graph chain does not match")); return 0; } @@ -491,8 +491,15 @@ static int add_graph_to_chain(struct commit_graph *g, g->base_graph = chain; - if (chain) + if (chain) { + if (unsigned_add_overflows(chain->num_commits, + chain->num_commits_in_base)) { + warning(_("commit count in base graph too high: %"PRIuMAX), + (uintmax_t)chain->num_commits_in_base); + return 0; + } g->num_commits_in_base = chain->num_commits + chain->num_commits_in_base; + } return 1; } From patchwork Wed Jul 12 23:38:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311036 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0D64EB64DA for ; Wed, 12 Jul 2023 23:38:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232866AbjGLXiN (ORCPT ); Wed, 12 Jul 2023 19:38:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231540AbjGLXiE (ORCPT ); Wed, 12 Jul 2023 19:38:04 -0400 Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B15F1FCC for ; Wed, 12 Jul 2023 16:38:02 -0700 (PDT) Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-ca9804dc6e4so123937276.0 for ; Wed, 12 Jul 2023 16:38:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205081; x=1691797081; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=QMU+hrj/KkvqvT01qIgeQkE5p6eCRwlqqHk9p0tocnE=; b=I/j9j3+8uKk1jPwht6WwjvnABN4JU+vNuV1GDairtBa1UkfADfL1fdcbXpxQlgOzUk 99UBdIsL8YZmKG/8CGvF3JNQar0L3I9QpqzFdg47+VY71xwTt1bIUugXT7MczbNoGhzJ OL4koJfGL5cebn6ZvKNoeGCzV9gYyLQpWpkq2XpRSOixTy6X8jXyG8HeBNKKBjgrfV4p QrRmkE9UHzBihxsVRfrFINWIWsbSLmQ+hl6T/UCvXZaqBlpZAD6dMkUqS/TMxBGRRvx2 7LXjscQA1dEmAEN9+kpbBpRGNjTy1Ew5Toizhvjz03THZzfWNab1xOIA+8c4ct/h8Tc/ BTvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205081; x=1691797081; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QMU+hrj/KkvqvT01qIgeQkE5p6eCRwlqqHk9p0tocnE=; b=I4RxmrtbGF1srx/0vMDFdCae5EwmmDiozVE99lW94lGVdlM8Hc4hGXgOILAMCJbupX lD1nuU8SvgQACZi+MbdEVHM8oX+WehT8MA/XCb0c0wi7myt37frjd+/pb4sEiT0glu4+ ovkjvhr/Y/gRVvToDU/enPHxO183wscITCuE9NIDvKhFO4nsnx6z74FLGFf0TdHaFY5G /tBTVgiu1xlfgjNA/iZjEsXUpIbhQrdwLT92H2a4N2NwRU3EEwzGkuZ8p1M0xIbPRJNi KcEY48TanvF5kN3uR+rnwfjNJSSS/F2zMCksGra+3DGcsJNdAqhtbVb168P/BaDDmqhI MbqA== X-Gm-Message-State: ABy/qLZROz+073oSDgVB769mcSo+OB+/PxXWDpNPHekfNvwEqH0MSmtF rYR8KWzoe65EMU0HRhe9/kMnLk71gvm4Aq7oudR0sw== X-Google-Smtp-Source: APBJJlH8APaRzmSw0xWVRtscAJ6vfBb4MM+OigXhQS50EzLwpIp3RblVhlzUeJqOkhfZ/D50kc9XwA== X-Received: by 2002:a25:aa54:0:b0:c4c:b003:17b4 with SMTP id s78-20020a25aa54000000b00c4cb00317b4mr3947902ybi.5.1689205081396; Wed, 12 Jul 2023 16:38:01 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id t15-20020a252d0f000000b00c5fc63686f1sm1193738ybt.16.2023.07.12.16.38.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:01 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:00 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 13/20] commit-graph.c: prevent overflow in `load_oid_from_graph()` Message-ID: <0b7aabc23b10c1c3e260848dd8ac500ee7e62d8c.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when trying to compute an offset into the `chunk_oid_lookup` table when the `lex_index` of the item we're trying to look up exceeds `2^32-1/g->hash_len`. Signed-off-by: Taylor Blau --- commit-graph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commit-graph.c b/commit-graph.c index 99af73e40a..1b70bdb07e 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -753,7 +753,7 @@ static void load_oid_from_graph(struct commit_graph *g, lex_index = pos - g->num_commits_in_base; - oidread(oid, g->chunk_oid_lookup + g->hash_len * lex_index); + oidread(oid, g->chunk_oid_lookup + st_mult(g->hash_len, lex_index)); } static struct commit_list **insert_parent_or_die(struct repository *r, From patchwork Wed Jul 12 23:38:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311037 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22B79EB64DA for ; Wed, 12 Jul 2023 23:38:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231723AbjGLXid (ORCPT ); Wed, 12 Jul 2023 19:38:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232285AbjGLXiY (ORCPT ); Wed, 12 Jul 2023 19:38:24 -0400 Received: from mail-yb1-xb2a.google.com (mail-yb1-xb2a.google.com [IPv6:2607:f8b0:4864:20::b2a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 16FEF1BF2 for ; Wed, 12 Jul 2023 16:38:05 -0700 (PDT) Received: by mail-yb1-xb2a.google.com with SMTP id 3f1490d57ef6-c4dd264359cso84276.3 for ; Wed, 12 Jul 2023 16:38:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205084; x=1691797084; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=2juJz+XqNUzfjF+rbmcIRT44Yh17DlsW3aU6M8fDG3w=; b=TPNSYA8sAqiSd16SLB2y0zPCoFqxvDwFHTf+DbUw9YrCLfLI/Mzg6ytsvCNsP2tAl5 LJrQx/id7OtUQcUyjmILrtJDakjQxcplaQfImk78TnxgoZ5IT09lTtZNDBfl2NgmnScw KHpAj+GKurCifjULUjNiojZ4lvkcSMgz3oyljXd5wxMN+U1Cb/uOljyMlGlbVdX3Pv79 dUE3oklI2lfCKRZsB2dBzGtsJVqoqjwMncx9+hqpYEgXs0DhvOtXN/xQzJvqzFUhCQlj L7eQqxsCV+qbi8Nf7M4GQ5eg6ovAggtEJEvrHZkfJrplwibh52MkLvGGKBitGIWhwpwk FMKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205084; x=1691797084; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=2juJz+XqNUzfjF+rbmcIRT44Yh17DlsW3aU6M8fDG3w=; b=NrPkQXQ/ykbpfnW9Hm9+LlO6qglGZeuPUs+6RzcND7LQPZ6pBYBl6Pmcxj7U8I9qGY dYB/AWoV4KPeLLXORDh+pe9tBG2TO4Io6k1utsHoxDUQLKc/Q/gBFGeEfiKB+QqtRBQo PcQudx1j7+Tj33s3tUmpe619V7kswbEhHFjy+nVu0DBXvsLNRknLkYpMnvkw1fuiWnMi Ck7Xdr/T3csga6oRVFvKJE4DeMVggnyS2qPI1AK3fRDv5jSbe3hRW3plTc9x4axJcm3+ 1Lv+ANL/iFJ+GzyKhbvtf4ySvZnkznbxGK99sN0e0ZX07tHpknvqqXZP73L8DoofC9sf ILBw== X-Gm-Message-State: ABy/qLYddaCemELfbJBQwFD6NZYlqmyAX/dOUzOFaQ8Y8B1GSTQLb4H4 ribsJjQcFWCDKJll+0KrS+xpIO0BKnzItG+1Mo473w== X-Google-Smtp-Source: APBJJlGhbtUnmFzN6YOj9kkRbRviwRFy/Zqh1crTQ9VZhlVFIL/L1RYL826fHdUmkZChm58XXvfxag== X-Received: by 2002:a25:4c07:0:b0:bc6:5d71:f820 with SMTP id z7-20020a254c07000000b00bc65d71f820mr17869102yba.55.1689205084094; Wed, 12 Jul 2023 16:38:04 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id z1-20020a25ad81000000b00c581e8d0ae4sm1180626ybi.56.2023.07.12.16.38.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:03 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:03 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 14/20] commit-graph.c: prevent overflow in `fill_commit_graph_info()` Message-ID: <62a3e40b9714bb8739ab32eceda8816b073ba5de.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow in a few spots within `fill_commit_graph_info()`: - First, when computing an offset into the commit data chunk, which can occur when the `lex_index` of the item we're looking up exceeds 2^32-1/GRAPH_DATA_WIDTH. - A similar issue when computing the generation date offset for commits with `lex_index` greater than 2^32-1/4. Note that in practice this will never overflow, since the left-hand operand is from calling `sizeof(...)` and is thus already a `size_t`. But wrap that in an `st_mult()` to make it clear that we intend to perform this computation using 64-bit operands. - Finally, a nearly identical issue as above when computing an offset into the `generation_data_overflow` chunk. Signed-off-by: Taylor Blau --- commit-graph.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index 1b70bdb07e..ceaeb8b785 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -789,7 +789,7 @@ static void fill_commit_graph_info(struct commit *item, struct commit_graph *g, die(_("invalid commit position. commit-graph is likely corrupt")); lex_index = pos - g->num_commits_in_base; - commit_data = g->chunk_commit_data + GRAPH_DATA_WIDTH * lex_index; + commit_data = g->chunk_commit_data + st_mult(GRAPH_DATA_WIDTH, lex_index); graph_data = commit_graph_data_at(item); graph_data->graph_pos = pos; @@ -799,14 +799,14 @@ static void fill_commit_graph_info(struct commit *item, struct commit_graph *g, item->date = (timestamp_t)((date_high << 32) | date_low); if (g->read_generation_data) { - offset = (timestamp_t)get_be32(g->chunk_generation_data + sizeof(uint32_t) * lex_index); + offset = (timestamp_t)get_be32(g->chunk_generation_data + st_mult(sizeof(uint32_t), lex_index)); if (offset & CORRECTED_COMMIT_DATE_OFFSET_OVERFLOW) { if (!g->chunk_generation_data_overflow) die(_("commit-graph requires overflow generation data but has none")); offset_pos = offset ^ CORRECTED_COMMIT_DATE_OFFSET_OVERFLOW; - graph_data->generation = item->date + get_be64(g->chunk_generation_data_overflow + 8 * offset_pos); + graph_data->generation = item->date + get_be64(g->chunk_generation_data_overflow + st_mult(8, offset_pos)); } else graph_data->generation = item->date + offset; } else From patchwork Wed Jul 12 23:38:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311038 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA6E1EB64DA for ; Wed, 12 Jul 2023 23:38:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233308AbjGLXih (ORCPT ); Wed, 12 Jul 2023 19:38:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233283AbjGLXiZ (ORCPT ); Wed, 12 Jul 2023 19:38:25 -0400 Received: from mail-yw1-x1136.google.com (mail-yw1-x1136.google.com [IPv6:2607:f8b0:4864:20::1136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9628E211C for ; Wed, 12 Jul 2023 16:38:07 -0700 (PDT) Received: by mail-yw1-x1136.google.com with SMTP id 00721157ae682-579dd20b1c8so82789107b3.1 for ; Wed, 12 Jul 2023 16:38:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205086; x=1691797086; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=hpE5g+uWgax8IGRduDa+G9Yt6ihxoWIeZdKbkK0J6bs=; b=U+BsMjV75NkE87sQSMhD4kWSFyqTm8OBrOnPDQPp6dNAdW/i1VO1lCaCs7b8gotkg7 0MjpaUFuxu/cy9yzW/S/JHVSGJj/miNYeYSrfz19P+D60V12B7N9oeeRKyK2G5iSQIfj 1U4gEgUP/hgTSvLJ6Y0Ndr3YJyHj1wI72ko3PfIZ2zCeJzT8QyT1Ve1E9Gy6p6hX2WhF dyTQhh9inOrZQcYWT50mIcoxhI8PF2XMrxoENgUl5K7hd322xp1JjnuKNPaIxkNLc3kJ YeIKccESCkW/duRKq3qDFRh2YfJDw9ejMooO1gHdfrTiZaWVNefKUrPC6SR5BpltXpVP jPNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205086; x=1691797086; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=hpE5g+uWgax8IGRduDa+G9Yt6ihxoWIeZdKbkK0J6bs=; b=YQG079Fy2s3+4Sqh1OSTJXdjDDmBqhSNID3Nz7t2LQvQuREGXeWpkuqGDDy1vQqiVi 6qwJrr9YkmJOKzRkN6SUQHRS7ClzJQbE8f4BnyZEGwHZlbHDJwV/J+unjJ7CVq6bwh+S aa2CWJlmsAUh3SRlMga3IrIBX58INwvYyCbZza8X9bQRVXnSCE4F59hHrxzLgMxKiLni qEQs31ThIWKsbDbbnckZRTmpCYcuDrOS6yiGJwai9xgQhAgaS7zIVwEwBOGdia1JwfCy tcUk2p5x4iXiK1Z9OczMP0DQNFNglBVDgzKZxveQUX3NZCRYL9bFdvHy640EQsU2ewkU tWIA== X-Gm-Message-State: ABy/qLZvNRMt7wF/6cwWZtzCImYocpngm9SyEfOzCkMVP36EM13mwms0 m0cqjfjxioWHF8rAb9AN/IAb5DTkZ3stgpnmn2VZOQ== X-Google-Smtp-Source: APBJJlF11LEiLneWxCkpteWyIqOcqs4sAJxM2Q2W42f78cX30NMGZCNY3IIuG36JH6WPElII/7o9Ig== X-Received: by 2002:a81:918a:0:b0:57a:5099:fd7a with SMTP id i132-20020a81918a000000b0057a5099fd7amr139098ywg.3.1689205086729; Wed, 12 Jul 2023 16:38:06 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id x189-20020a81a0c6000000b0057399b3bd26sm1488909ywg.33.2023.07.12.16.38.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:06 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:05 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 15/20] commit-graph.c: prevent overflow in `fill_commit_in_graph()` Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when the lex_index of the commit we are trying to fill out exceeds 2^32-1/(g->hash_len+16). The other hunk touched in this patch is not susceptible to overflow, since an explicit cast is made to a 64-bit unsigned value. For clarity and consistency with the rest of the commits in this series, avoid a tricky to reason about cast, and use `st_mult()` directly. Signed-off-by: Taylor Blau --- commit-graph.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index ceaeb8b785..ca1d997516 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -837,7 +837,7 @@ static int fill_commit_in_graph(struct repository *r, fill_commit_graph_info(item, g, pos); lex_index = pos - g->num_commits_in_base; - commit_data = g->chunk_commit_data + (g->hash_len + 16) * lex_index; + commit_data = g->chunk_commit_data + st_mult(g->hash_len + 16, lex_index); item->object.parsed = 1; @@ -859,7 +859,7 @@ static int fill_commit_in_graph(struct repository *r, } parent_data_ptr = (uint32_t*)(g->chunk_extra_edges + - 4 * (uint64_t)(edge_value & GRAPH_EDGE_LAST_MASK)); + st_mult(4, edge_value & GRAPH_EDGE_LAST_MASK)); do { edge_value = get_be32(parent_data_ptr); pptr = insert_parent_or_die(r, g, From patchwork Wed Jul 12 23:38:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311040 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7735FEB64DA for ; Wed, 12 Jul 2023 23:38:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233399AbjGLXip (ORCPT ); Wed, 12 Jul 2023 19:38:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233320AbjGLXic (ORCPT ); Wed, 12 Jul 2023 19:38:32 -0400 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A285212F for ; Wed, 12 Jul 2023 16:38:10 -0700 (PDT) Received: by mail-yb1-xb2e.google.com with SMTP id 3f1490d57ef6-c1aad78d5b2so2017743276.0 for ; Wed, 12 Jul 2023 16:38:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205089; x=1691797089; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=+Ga1luYXgMtsLKHbLTP+7HbaJb+4veI1jkAMoUVnFic=; b=GRmvqpCQG7zsuTK8Nx79t3qTWwm/t+vpvMGtrsV7UOiuC3gD0WvZ5Q3M9GQU1BM7iL laap+l+PbjIkpI4vat5JaIaCbq0L3S8M9FKetCOwD/7PFArXy8wk/FIWXVQotk/CvDLx siu67wDgZp3Fo/HPfJoCnFCFC1gohjCP92AU4kg9YH3X320vqR817yOgNXCFxdw8kfJf ZuTHqSOSzCWNXwpj506OfU809kHV4+K27XzNHQYU+akOMZa7OAzdOWQBtb9OH5RaoAMJ BPN1DrUpwzjFvekfke+/GxjDmK9ZclpVcwhjpH1w50Oh5JJe2csEgUAUIA+Gn61he7Vs rsow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205089; x=1691797089; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+Ga1luYXgMtsLKHbLTP+7HbaJb+4veI1jkAMoUVnFic=; b=cxwzeNSjuHP5LQFznrnHGqeUvcTsI5RPUWg8s70eR5nJlMBjHx5naClbkOCSrBqwSt +sL85V9Q4HHPGaZtnJSuLsSUHhtRuEATmvhgfsrEXOYPkoX+i/l7jjr+EbCQ1fMRh0uR gJqIu1jhN3VVgOYIa1IRgDhaStnihFIJf9GDSm9SQHF7s7meK8SMs11wtuVdYp+8Ofep +0rCXbU1ToEWeb+R2nj/IpS9m3A54tYNoGRAux3GTwqrdbA2VlCQPx0o4cJOzyBsYJai aUi4OWr6nc2fuaoanFOAjsEwmlqWP4jDC3SfisuGxQYqGQjiKjQvMn53V5vKheCe3Rga EaaQ== X-Gm-Message-State: ABy/qLa2BQbhW9OGHIvWDo82u3cEBj/Wx++h4F/kweXqrAmy8IHpTG+g 1aeupA1ytIx5vPxbV146A1hISAKngn6XqmKnzI7HQg== X-Google-Smtp-Source: APBJJlG7M4wZXEr/H2Ehiu8nThOC0U3XpzNETLOwQiJnBGCFQYhDu2I5e4OVOZomx8bOr5VHdyqyrA== X-Received: by 2002:a81:488a:0:b0:56c:f547:e058 with SMTP id v132-20020a81488a000000b0056cf547e058mr4019724ywa.18.1689205089318; Wed, 12 Jul 2023 16:38:09 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id i65-20020a819144000000b0057072e7fa77sm1454074ywg.95.2023.07.12.16.38.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:09 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:08 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 16/20] commit-graph.c: prevent overflow in `load_tree_for_commit()` Message-ID: <32c046e684acd27df254b8e500e0b64ec76b197d.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when computing an offset into the commit_data chunk when the (relative) graph position exceeds 2^32-1/GRAPH_DATA_WIDTH. Signed-off-by: Taylor Blau --- commit-graph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commit-graph.c b/commit-graph.c index ca1d997516..35f700273b 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -979,7 +979,7 @@ static struct tree *load_tree_for_commit(struct repository *r, g = g->base_graph; commit_data = g->chunk_commit_data + - GRAPH_DATA_WIDTH * (graph_pos - g->num_commits_in_base); + st_mult(GRAPH_DATA_WIDTH, graph_pos - g->num_commits_in_base); oidread(&oid, commit_data); set_commit_tree(c, lookup_tree(r, &oid)); From patchwork Wed Jul 12 23:38:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311039 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 044A0EB64DD for ; Wed, 12 Jul 2023 23:38:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233423AbjGLXir (ORCPT ); Wed, 12 Jul 2023 19:38:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233171AbjGLXid (ORCPT ); Wed, 12 Jul 2023 19:38:33 -0400 Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A9CF2689 for ; Wed, 12 Jul 2023 16:38:12 -0700 (PDT) Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-c1aad78d5b2so2017785276.0 for ; Wed, 12 Jul 2023 16:38:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205092; x=1691797092; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=+BuDXyj4t6pxRONY6+ks8ATUP26JKbQh8TuvcfpQStc=; b=uG6vKNPufbxPtM4H/e3Smq/yc97tdcdb2f2xYEfu3Ck2UAtRN9uDr6Bn1mGbtCg5Pt 7phE0OkTRoDwItDK0c/l8CM8sLb2dW+VQJ21+DwDkXnu/oMkQXp7jiSrFBrAj5wibljd m7ZQDF650hbWWVQME470XzQKSBgvwzwjMeaF4bRUz3a8OXN0k9dDkCr/Yc7tS1aWyTfV F06oK6dwJdQ1ztel9v+sLDZOT4wxYwqyTtjva/tyG6XPM4ZtXLVQeAlIT5mnGa3GImeg f74fbtqxbT4KEj7QJD+05uHEU1rGsJ1ynl2rC+8y2qvNidiVPezoWDi7ZlobhEE5kRFf TNqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205092; x=1691797092; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+BuDXyj4t6pxRONY6+ks8ATUP26JKbQh8TuvcfpQStc=; b=GXokgPiNpOoURVx0LmZgVMT9xcZrhR0O6NHYynnZQwrvejR+VITrrCq1K/tszFVNzy WWKaf4XdDuQKxAcG6OReP6XIowqsH4eZsz83mmQP2T3p50xW++mCLUjBT27oz83s0pdR piD60WsPqGLO9kPmfFMr4jdeNMIn4zYcvzHqcOyJV1xEfdgGx3fF3/pygB5tqHQOG6l9 ulRiE12qEQJnXh+39qMpadtLDLAVD5qwrHG5pvHtzV2KZqh3PWUD0H7KoOIeXBheqfiX p86dwVoe7nbZIA//A0CAeE3Izh0v1LSJODsYcpcGlIh7l114W4iSHmX/2NtN8Dai3MF2 V6Iw== X-Gm-Message-State: ABy/qLY84c3cUN1/hILS4C2w0n3ZuKc5+lxWdfgh4Q5sMg6INUJddQ5x oArBRHwrdyc55AYU1tsnU3n+yNGXz2hUqGEO+m/X4g== X-Google-Smtp-Source: APBJJlG2mySgSdZeeDOLKMJtY/7MOjNVCQDN6r9dl+pl3ww4ope1FNxHwy9fyYkGw8UPo43efL+3Cw== X-Received: by 2002:a25:d68e:0:b0:bc3:7ee1:8d4e with SMTP id n136-20020a25d68e000000b00bc37ee18d4emr226440ybg.24.1689205091976; Wed, 12 Jul 2023 16:38:11 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id o13-20020a256b4d000000b00ca483619498sm526264ybm.6.2023.07.12.16.38.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:11 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:11 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 17/20] commit-graph.c: prevent overflow in `split_graph_merge_strategy()` Message-ID: <8d43e3bab557a85f5c22abb750ebbe9885444690.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when choosing how to split and merge different layers of the commit-graph. In particular, avoid a potential overflow between `size_mult` and `num_commits`, as well as a potential overflow between the number of commits currently in the merged graph, and the number of commits in the graph about to be merged. Signed-off-by: Taylor Blau --- commit-graph.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/commit-graph.c b/commit-graph.c index 35f700273b..8010e0763e 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -2111,11 +2111,16 @@ static void split_graph_merge_strategy(struct write_commit_graph_context *ctx) if (flags != COMMIT_GRAPH_SPLIT_MERGE_PROHIBITED && flags != COMMIT_GRAPH_SPLIT_REPLACE) { - while (g && (g->num_commits <= size_mult * num_commits || + while (g && (g->num_commits <= st_mult(size_mult, num_commits) || (max_commits && num_commits > max_commits))) { if (g->odb != ctx->odb) break; + if (unsigned_add_overflows(num_commits, g->num_commits)) + die(_("cannot merge graphs with %"PRIuMAX", " + "%"PRIuMAX" commits"), + (uintmax_t)num_commits, + (uintmax_t)g->num_commits); num_commits += g->num_commits; g = g->base_graph; From patchwork Wed Jul 12 23:38:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311041 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF59EB64DA for ; Wed, 12 Jul 2023 23:38:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233354AbjGLXi6 (ORCPT ); Wed, 12 Jul 2023 19:38:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233360AbjGLXim (ORCPT ); Wed, 12 Jul 2023 19:38:42 -0400 Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59BA32707 for ; Wed, 12 Jul 2023 16:38:16 -0700 (PDT) Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-577412111f0so88156647b3.0 for ; Wed, 12 Jul 2023 16:38:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205094; x=1691797094; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=QpgFrrXneU3h2NNXvTA4B6p+UpggFpNMU+6bC1dHaEY=; b=dZ4pGhxhSZrcGEBcj8gDDCCo/B3fx5s5HM3xwpohdzGZHVXwLgDnmYq1E0eo4TNElv XlDazy2Ez2fZh0T2U7uqigsvE0kGQ3fepmJG65w0J6jQP/EjcieviH/Ap8JvEviXz5C7 o+uFgKH0S5f7+S+VBcSVYBJdhkARHU0aPOXhc0DmMMqMjb2OEN6FeOifFQpqvXXWv78h 6h3h2tB0RWTx6UG5G3MsQpp26/U/2JtGbKXcgj3kC1uDWEAEP6yZnElNxOM2++hes7A3 KflhwsAo5tlGyQBT8LnfU92T7X6qC1qZl1x3y+/62hpNF0jLbpr8fC2mhCcEuxVK2y73 hP/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205094; x=1691797094; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QpgFrrXneU3h2NNXvTA4B6p+UpggFpNMU+6bC1dHaEY=; b=YdzE/hgZuq5AKlEM6/BrVhv1rEVMcekzF9KxKIQ/VfsjW8D0NoLk1HPFPmQmyQZ/hU wE+ueqJURfPFx76+hJ/oKyOF7skHQpisvzmInZKBZAtJBVNcHBSxplxiyAaoDKbf7R6C Z4kuWV6MZXr+UIcnQAa/R5tbe8Cc1dyVyVQ7qfeQ0FTtAGp5BZAiEtjhqRsIVNIkZIRj zs/pxbQwFyph9QO6yG3aI+7g1A41YxTFG2spDk+hoJ4Q4nVWwtj86B0G+OyGzc4BkBep FV5puecQGdbvSy9wz/FA70zFFxg7R92aLetKrl6+zaA2OaxINSa5BIGkEpfGxvF1qRBe Gz6A== X-Gm-Message-State: ABy/qLaarja959MGbn4qhRMwNkjxMz4XSarqL5/ij5c06fdmPv6EL5zo yz6rLCXmncIuqdKH/pRp0wS87rNSUXPmZWLy+mLFaw== X-Google-Smtp-Source: APBJJlFECIAi/EB4Jo0jEpqxlEG0Uw61sIod/2G8eTnX3Dm6Vr6UNH/T/4iPxSj2oqmzbTAJRLNcbA== X-Received: by 2002:a81:4e16:0:b0:577:1909:ee16 with SMTP id c22-20020a814e16000000b005771909ee16mr86248ywb.30.1689205094604; Wed, 12 Jul 2023 16:38:14 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id o123-20020a0dfe81000000b0057069c60799sm1468233ywf.53.2023.07.12.16.38.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:14 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:13 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 18/20] commit-graph.c: prevent overflow in `merge_commit_graph()` Message-ID: <094aca51c2c23fe74016c60d5ba31c325da038d2.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org When merging two commit graphs, ensure that we don't attempt to merge two graphs which, when combined, have more total commits than the 32-bit unsigned maximum. Signed-off-by: Taylor Blau --- commit-graph.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/commit-graph.c b/commit-graph.c index 8010e0763e..c679d1d633 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -2178,6 +2178,11 @@ static void merge_commit_graph(struct write_commit_graph_context *ctx, uint32_t i; uint32_t offset = g->num_commits_in_base; + if (unsigned_add_overflows(ctx->commits.nr, g->num_commits)) + die(_("cannot merge graph %s, too many commits: %"PRIuMAX), + oid_to_hex(&g->oid), + (uintmax_t)st_add(ctx->commits.nr, g->num_commits)); + ALLOC_GROW(ctx->commits.list, ctx->commits.nr + g->num_commits, ctx->commits.alloc); for (i = 0; i < g->num_commits; i++) { From patchwork Wed Jul 12 23:38:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311042 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F9B8EB64DD for ; Wed, 12 Jul 2023 23:39:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233338AbjGLXjC (ORCPT ); Wed, 12 Jul 2023 19:39:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233386AbjGLXio (ORCPT ); Wed, 12 Jul 2023 19:38:44 -0400 Received: from mail-yw1-x1132.google.com (mail-yw1-x1132.google.com [IPv6:2607:f8b0:4864:20::1132]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00767271D for ; Wed, 12 Jul 2023 16:38:18 -0700 (PDT) Received: by mail-yw1-x1132.google.com with SMTP id 00721157ae682-5701eaf0d04so82685297b3.2 for ; Wed, 12 Jul 2023 16:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205097; x=1691797097; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=6/yCMnBjZ80OCGsH7OzR4KkM/rLSwaeYmCJWm+5iPbA=; b=TlJFs+EsCjQ871PIpmfwQ5eQbdR6OmZySa29sfWWdF3txtDczPVmVrN7vXGeINaajp ryIo2J6kPQ8B12+LliN0j2V2YmBOGHMOjy29Zf5le+txFzBMekPFOxAl8aweiLPUILx2 X0hIZacLDUAekVVb77NFzYo4nNRt8U4MlMGu3+/Lh5g3LwM6dgbsyv/87gEV+cwuQpoK 7fT/LUL4PlWBT1tMF8cK53L7aDMvRxbHj8ZUyztVYxD0SIsyAKf8pRfMlD2tNmrdmMyY V2923WavukvqCZM+3b9rQt3a0/FkggaLvBUwZdIgBtBv50sDBfQytw2+TW6RIE/ImKun ZoBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205097; x=1691797097; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=6/yCMnBjZ80OCGsH7OzR4KkM/rLSwaeYmCJWm+5iPbA=; b=lBny9bKuBJ932PTK/KltKKamQEBVufTQUhho/EYnip9/D9mu/uaNhX+Bwfjkrldw5c BU2VNR+iWwhAe48FiPhpzFQwgSiN9hNgY3md4CH/mMVsr5qLSAs0co1fuU4caheej7eF 0UVulhk+OPjim/xnSoOIslnrOUJjzTHwlCrMQqfgHSIYeJwqOIIfXgGcVZVODiHuR8Ze hRV2xScrExNlBbGtOwuRN5eay6KkSpG7xdG8X1WRWRcmPbFAFx0U8kqEHWs/UVhRLjZD mxJ2ek2T+8Ry6kL9Ut6tYZxAn7eyib20KoEXC+V+E+TjRLw5EtbyAT5lvDeMKX8qwkuh x89g== X-Gm-Message-State: ABy/qLZL5ZNNObDp4MkpIE4cA9aoNKEmMzJ00ONO2hJZCBq6yhl7mdcj C2iZXotwJmCbmgBexRL/via0Uf4zQItM578F8yCsmw== X-Google-Smtp-Source: APBJJlGsLk8RCBkf9thnADcVDUGy2+UCHUO+u7dtWYUODcOGFn2xSvUsOxNurqCiy7zGjqV2GO3EvQ== X-Received: by 2002:a0d:c986:0:b0:561:d1ef:3723 with SMTP id l128-20020a0dc986000000b00561d1ef3723mr102933ywd.38.1689205097716; Wed, 12 Jul 2023 16:38:17 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id b126-20020a0dc084000000b0056d443372f0sm1467412ywd.119.2023.07.12.16.38.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:17 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:16 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 19/20] commit-graph.c: prevent overflow in `write_commit_graph()` Message-ID: <9f66e1e6eeb7386010d7387c37766260bf38b338.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when trying to read an existing OID while writing a new commit-graph. Signed-off-by: Taylor Blau --- commit-graph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commit-graph.c b/commit-graph.c index c679d1d633..20d9296c8b 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -2453,7 +2453,7 @@ int write_commit_graph(struct object_directory *odb, struct commit_graph *g = ctx->r->objects->commit_graph; for (i = 0; i < g->num_commits; i++) { struct object_id oid; - oidread(&oid, g->chunk_oid_lookup + g->hash_len * i); + oidread(&oid, g->chunk_oid_lookup + st_mult(g->hash_len, i)); oid_array_append(&ctx->oids, &oid); } } From patchwork Wed Jul 12 23:38:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taylor Blau X-Patchwork-Id: 13311043 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B14EFEB64DA for ; Wed, 12 Jul 2023 23:39:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232477AbjGLXjF (ORCPT ); Wed, 12 Jul 2023 19:39:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233023AbjGLXiq (ORCPT ); Wed, 12 Jul 2023 19:38:46 -0400 Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53540272C for ; Wed, 12 Jul 2023 16:38:21 -0700 (PDT) Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-5701eaf0d04so82685697b3.2 for ; Wed, 12 Jul 2023 16:38:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ttaylorr-com.20221208.gappssmtp.com; s=20221208; t=1689205100; x=1691797100; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=p30Z1OFGsL5nDL4WvWSG0hJmT7eu7c5o0Zjtih24t5k=; b=GzdXtb/iboi9v9EA2ibXAIGzlLpFlYt0CHPqE5z0iq2PRQlGLIMAKMY7zGmb9pRgFL fPXXpM8/z80pxmRm7C2ywxZyvsgSbDhGU0icRNU3WaEjqP2fblcctSMkHy7xXDDpOn8S OvZeovhUqjU2ximvQPCbFfSUI55FscRIdaY9bDTZEuwPac/qxlfdlUbnETGFiJc7W5eY jZUgoAvN+jLJNQKpUy4mw4t1RiMTXbGp8fjPdj81YVhKbMpW24FavDiOVzRUBfNKd6jz cz4kB+HIGJXXOnLhQZF1bTyfeouhFYgYd/WkcW5NYJlUOP2Y8B/yAq+rXhLjg8Ck9sy/ O8wg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689205100; x=1691797100; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=p30Z1OFGsL5nDL4WvWSG0hJmT7eu7c5o0Zjtih24t5k=; b=Vk4AGGKm92BRRRr5IeNuwOntKAR6NiYAZQIXjIj8UCufsdOgqFW75XjazEjCcxP3N2 OROELsOqqOlwSBhCO9uyJl3aCwz6BfDt9Wg5fj2AJSBwG4LKEvLJC/kxVw7yDQafeePl 4Oei5Ad0sOCmoMDP2TUFQtbvB7c33N5m2nr2nOchhoW/67kTzti1Qshi3cshQsqrwLA3 FybK8Qr9jN3qbPHZ4/+UqzQlwRT7xBNIHQeGKvibR1fs20DhDR2BXMWLeTykraDbRakH w8yybkNsYBvca+59JxIoEp4iE6rXZpecEprZ9OrM+viQcFrxuSlYs1bLbGlBljdUOX/B 9QDw== X-Gm-Message-State: ABy/qLaYQ2b1q683AUFLx5h5njOjTZzPvU3/AAbS7PuGMtNM3NjyAr2M /0s1A4TyLPIW8/R7kwhrZMMYhWANKObGZyHQnd6bGQ== X-Google-Smtp-Source: APBJJlFe/CsapXUCEq2JZImoIRrSMtWPSVM0lp3cUEAziWnujmuaL4Z2JPQ9hKXBerM/sSZS/hcV/g== X-Received: by 2002:a0d:d445:0:b0:575:4b1c:e5f0 with SMTP id w66-20020a0dd445000000b005754b1ce5f0mr105544ywd.32.1689205100287; Wed, 12 Jul 2023 16:38:20 -0700 (PDT) Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) by smtp.gmail.com with ESMTPSA id w1-20020a5b05c1000000b00bcb4ac1fbc6sm1137705ybp.30.2023.07.12.16.38.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 16:38:20 -0700 (PDT) Date: Wed, 12 Jul 2023 19:38:19 -0400 From: Taylor Blau To: git@vger.kernel.org Cc: Derrick Stolee , Jeff King , Johannes Schindelin , Junio C Hamano , Victoria Dye Subject: [PATCH 20/20] commit-graph.c: prevent overflow in `verify_commit_graph()` Message-ID: <55fff3eb84d8a70aa370aedaf1057ad292435a67.1689205042.git.me@ttaylorr.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In a similar spirit as previous commits, ensure that we don't overflow when trying to read an OID out of an existing commit-graph during verification. Signed-off-by: Taylor Blau --- commit-graph.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/commit-graph.c b/commit-graph.c index 20d9296c8b..f7a3f97401 100644 --- a/commit-graph.c +++ b/commit-graph.c @@ -2584,7 +2584,7 @@ int verify_commit_graph(struct repository *r, struct commit_graph *g, int flags) for (i = 0; i < g->num_commits; i++) { struct commit *graph_commit; - oidread(&cur_oid, g->chunk_oid_lookup + g->hash_len * i); + oidread(&cur_oid, g->chunk_oid_lookup + st_mult(g->hash_len, i)); if (i && oidcmp(&prev_oid, &cur_oid) >= 0) graph_report(_("commit-graph has incorrect OID order: %s then %s"), @@ -2632,7 +2632,7 @@ int verify_commit_graph(struct repository *r, struct commit_graph *g, int flags) timestamp_t generation; display_progress(progress, i + 1); - oidread(&cur_oid, g->chunk_oid_lookup + g->hash_len * i); + oidread(&cur_oid, g->chunk_oid_lookup + st_mult(g->hash_len, i)); graph_commit = lookup_commit(r, &cur_oid); odb_commit = (struct commit *)create_object(r, &cur_oid, alloc_commit_node(r));