multi-pack-index: verify corrupt chunk lookup table
authorDerrick Stolee <dstolee@microsoft.com>
Thu, 13 Sep 2018 18:02:16 +0000 (11:02 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 17 Sep 2018 20:49:41 +0000 (13:49 -0700)
Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
midx.c
t/t5319-multi-pack-index.sh

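--- a/midx.c
+++ b/midx.c
@@ -100,6 +100,9 @@ struct multi_pack_index *load_multi_pack_index(const char *object_dir, int local
                 uint64_t chunk_offset = get_be64(m->data + MIDX_HEADER_SIZE + 4 +
                                                  MIDX_CHUNKLOOKUP_WIDTH * i);
 
+               if (chunk_offset >= m->data_len)
+                       die(_("invalid chunk offset (too large)"));
+
                 switch (chunk_id) {
                         case MIDX_CHUNKID_PACKNAMES:
                                 m->chunk_pack_names = m->data + chunk_offset;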
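Review bot: The new guard before `switch (chunk_id)` only proves that a chunk starts inside the file, not that the chunk fits in it. An offset a few bytes below `m->data_len` passes the check, and whatever later reads through `m->chunk_pack_names` (and presumably the other chunk pointers) could then run past the end of `m->data`. The check is also one-sided: an offset pointing back into the header or the lookup table itself is accepted, though it is just as invalid in a corrupt or hostile file. I would record the limit next to the check, e.g. `/* Validates the chunk start only; readers must bound each chunk's extent against m->data_len. */`, and consider rejecting offsets below the end of the lookup table. The body of load_multi_pack_index starts and ends outside this hunk, so later size validation may exist that is not visible here.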
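--- a/t/t5319-multi-pack-index.sh
+++ b/t/t5319-multi-pack-index.sh
@@ -178,6 +178,9 @@ test_expect_success 'verify bad signature' '
 MIDX_BYTE_VERSION=4
 MIDX_BYTE_OID_VERSION=5
 MIDX_BYTE_CHUNK_COUNT=6
+MIDX_HEADER_SIZE=12
+MIDX_BYTE_CHUNK_ID=$MIDX_HEADER_SIZE
+MIDX_BYTE_CHUNK_OFFSET=$(($MIDX_HEADER_SIZE + 4))
 
 test_expect_success 'verify bad version' '
        corrupt_midx_and_verify $MIDX_BYTE_VERSION "\00" $objdir \
@@ -199,6 +202,16 @@ test_expect_success 'verify extended chunk count' '
                "terminating multi-pack-index chunk id appears earlier than expected"
 '
 
+test_expect_success 'verify missing required chunk' '
+       corrupt_midx_and_verify $MIDX_BYTE_CHUNK_ID "\01" $objdir \
+               "missing required"
+'
+
+test_expect_success 'verify invalid chunk offset' '
+       corrupt_midx_and_verify $MIDX_BYTE_CHUNK_OFFSET "\01" $objdir \
+               "invalid chunk offset (too large)"
+'
+
 test_expect_success 'repack removes multi-pack-index' '
        test_path_is_file $objdir/pack/multi-pack-index &&
        git repack -adf &&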
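Review bot: The 'verify invalid chunk offset' test covers only the gross case. `$MIDX_BYTE_CHUNK_OFFSET` is the first byte of the first chunk's 8-byte offset, which midx.c reads with `get_be64`, so writing `"\01"` there presumably sets the most significant byte and makes the value far larger than any real file. The boundary that the new `chunk_offset >= m->data_len` comparison defines is not exercised: an offset exactly equal to the file length, and one just inside it whose chunk would run off the end. A case that corrupts the low-order bytes of the offset would pin that boundary. The new variables would also benefit from a comment such as `# Byte positions in the multi-pack-index file; MIDX_HEADER_SIZE must match midx.c`, because the literal `12` silently duplicates the C constant.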