https://github.com/git/git
Revision e1e12e97ac73ded85f7d000da1063a774b3cc14f authored by Patrick Steinhardt on 01 December 2022, 14:45:36 UTC, committed by Junio C Hamano on 05 December 2022, 06:14:16 UTC
Attributes have a field that tracks the position in the `all_attrs` array they're stored inside. This field gets set via `hashmap_get_size` when adding the attribute to the global map of attributes. But while the field is of type `int`, the value returned by `hashmap_get_size` is an `unsigned int`. It can thus happen that the value overflows, where we would now dereference teh `all_attrs` array at an out-of-bounds value. We do have a sanity check for this overflow via an assert that verifies the index matches the new hashmap's size. But asserts are not a proper mechanism to detect against any such overflows as they may not in fact be compiled into production code. Fix this by using an `unsigned int` to track the index and convert the assert to a call `die()`. Reported-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 447ac90
Tip revision: e1e12e97ac73ded85f7d000da1063a774b3cc14f authored by Patrick Steinhardt on 01 December 2022, 14:45:36 UTC
attr: fix integer overflow with more than INT_MAX macros
attr: fix integer overflow with more than INT_MAX macros
Tip revision: e1e12e9
oidmap.h
#ifndef OIDMAP_H
#define OIDMAP_H
#include "cache.h"
#include "hashmap.h"
/*
* struct oidmap_entry is a structure representing an entry in the hash table,
* which must be used as first member of user data structures.
*
* Users should set the oid field. oidmap_put() will populate the
* internal_entry field.
*/
struct oidmap_entry {
/* For internal use only */
struct hashmap_entry internal_entry;
struct object_id oid;
};
struct oidmap {
struct hashmap map;
};
#define OIDMAP_INIT { { NULL } }
/*
* Initializes an oidmap structure.
*
* `map` is the oidmap to initialize.
*
* If the total number of entries is known in advance, the `initial_size`
* parameter may be used to preallocate a sufficiently large table and thus
* prevent expensive resizing. If 0, the table is dynamically resized.
*/
void oidmap_init(struct oidmap *map, size_t initial_size);
/*
* Frees an oidmap structure and allocated memory.
*
* If `free_entries` is true, each oidmap_entry in the map is freed as well
* using stdlibs free().
*/
void oidmap_free(struct oidmap *map, int free_entries);
/*
* Returns the oidmap entry for the specified oid, or NULL if not found.
*/
void *oidmap_get(const struct oidmap *map,
const struct object_id *key);
/*
* Adds or replaces an oidmap entry.
*
* ((struct oidmap_entry *) entry)->internal_entry will be populated by this
* function.
*
* Returns the replaced entry, or NULL if not found (i.e. the entry was added).
*/
void *oidmap_put(struct oidmap *map, void *entry);
/*
* Removes an oidmap entry matching the specified oid.
*
* Returns the removed entry, or NULL if not found.
*/
void *oidmap_remove(struct oidmap *map, const struct object_id *key);
struct oidmap_iter {
struct hashmap_iter h_iter;
};
static inline void oidmap_iter_init(struct oidmap *map, struct oidmap_iter *iter)
{
hashmap_iter_init(&map->map, &iter->h_iter);
}
static inline void *oidmap_iter_next(struct oidmap_iter *iter)
{
/* TODO: this API could be reworked to do compile-time type checks */
return (void *)hashmap_iter_next(&iter->h_iter);
}
static inline void *oidmap_iter_first(struct oidmap *map,
struct oidmap_iter *iter)
{
oidmap_iter_init(map, iter);
/* TODO: this API could be reworked to do compile-time type checks */
return (void *)oidmap_iter_next(iter);
}
#endif
Computing file changes ...
