Commit 61d7328d by Patrick Steinhardt

object: avoid call of memset with ouf of bounds pointer

When computing a short OID we do this by first copying the
leading parts into the new OID structure and then setting the
trailing part to zero. In the case of the desired length being
`GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds
pointer and a length of 0. While this seems to cause no problems
for common platforms the C89 standard does not explicitly state
that calling `memset` with an out of bounds pointer and
length of 0 is valid.

Fix the potential issue by using the newly introduced
`git_oid__cpy_prefix` function.
parent e126bc95
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
#include "commit.h" #include "commit.h"
#include "tree.h" #include "tree.h"
#include "blob.h" #include "blob.h"
#include "oid.h"
#include "tag.h" #include "tag.h"
bool git_object__strict_input_validation = true; bool git_object__strict_input_validation = true;
...@@ -166,13 +167,9 @@ int git_object_lookup_prefix( ...@@ -166,13 +167,9 @@ int git_object_lookup_prefix(
error = git_odb_read(&odb_obj, odb, id); error = git_odb_read(&odb_obj, odb, id);
} }
} else { } else {
git_oid short_oid; git_oid short_oid = {{ 0 }};
/* We copy the first len*4 bits from id and fill the remaining with 0s */ git_oid__cpy_prefix(&short_oid, id, len);
memcpy(short_oid.id, id->id, (len + 1) / 2);
if (len % 2)
short_oid.id[len / 2] &= 0xF0;
memset(short_oid.id + (len + 1) / 2, 0, (GIT_OID_HEXSZ - len) / 2);
/* If len < GIT_OID_HEXSZ (a strict short oid was given), we have /* If len < GIT_OID_HEXSZ (a strict short oid was given), we have
* 2 options : * 2 options :
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment