Unverified Commit 7f6fdb82 by Edward Thomson Committed by GitHub

Merge pull request #5312 from pks-t/pks/patch-base85-overflow

patch_parse: fix out-of-bounds reads caused by integer underflow
parents 7f20778b 33e6c402
...@@ -808,7 +808,7 @@ static int parse_patch_binary_side( ...@@ -808,7 +808,7 @@ static int parse_patch_binary_side(
encoded_len = ((decoded_len / 4) + !!(decoded_len % 4)) * 5; encoded_len = ((decoded_len / 4) + !!(decoded_len % 4)) * 5;
if (encoded_len > ctx->parse_ctx.line_len - 1) { if (!encoded_len || !ctx->parse_ctx.line_len || encoded_len > ctx->parse_ctx.line_len - 1) {
error = git_parse_err("truncated binary data at line %"PRIuZ, ctx->parse_ctx.line_num); error = git_parse_err("truncated binary data at line %"PRIuZ, ctx->parse_ctx.line_num);
goto done; goto done;
} }
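Review bot: The rewritten condition still contains the `ctx->parse_ctx.line_len - 1` subtraction and is only safe because `!ctx->parse_ctx.line_len` is evaluated before it, which a later edit or reordering of the terms could silently undo. Assuming both lengths are unsigned, as the underflow named in the commit title implies, the bound can be written without any subtraction: `if (!encoded_len || encoded_len >= ctx->parse_ctx.line_len) {` rejects exactly the same inputs, including an empty line. A comment above the check such as `/* an empty line or empty payload is truncated input; compare without subtracting so the bound cannot wrap */` would record why the zero cases are handled. parse_patch_binary_side starts and ends outside this hunk, so how `decoded_len` is bounded before this line cannot be confirmed from here.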
......
...@@ -184,6 +184,14 @@ void test_patch_parse__binary_file_path_without_body_paths(void) ...@@ -184,6 +184,14 @@ void test_patch_parse__binary_file_path_without_body_paths(void)
strlen(PATCH_BINARY_FILE_PATH_WITHOUT_BODY_PATHS), NULL)); strlen(PATCH_BINARY_FILE_PATH_WITHOUT_BODY_PATHS), NULL));
} }
void test_patch_parse__binary_file_with_truncated_delta(void)
{
git_patch *patch;
cl_git_fail(git_patch_from_buffer(&patch, PATCH_BINARY_FILE_WITH_TRUNCATED_DELTA,
strlen(PATCH_BINARY_FILE_WITH_TRUNCATED_DELTA), NULL));
cl_assert_equal_s(git_error_last()->message, "truncated binary data at line 5");
}
void test_patch_parse__memory_leak_on_multiple_paths(void) void test_patch_parse__memory_leak_on_multiple_paths(void)
{ {
git_patch *patch; git_patch *patch;
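Review bot: test_patch_parse__binary_file_with_truncated_delta covers only the case where the data line ends right after its first character (the lone `d` on line 5 of the fixture), so the `!encoded_len` term added to the parser has no test on this page. If that term is reachable it deserves its own fixture, and if it is purely defensive the parser should say so in a comment. `git_patch *patch;` is left uninitialised on a path that is expected to fail; `git_patch *patch = NULL;` is the safer form, since nothing visible here shows that git_patch_from_buffer writes the out-parameter on error. A one-line comment above the test, for example `/* a binary delta line that ends after its first character must be rejected, not read past */`, would state which regression it guards.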
......
...@@ -974,6 +974,13 @@ ...@@ -974,6 +974,13 @@
"+++ \n" \ "+++ \n" \
"Binary files a b c and d e f differ" "Binary files a b c and d e f differ"
#define PATCH_BINARY_FILE_WITH_TRUNCATED_DELTA \
"diff --git a/file b/file\n" \
"index 1420..b71f\n" \
"GIT binary patch\n" \
"delta 7\n" \
"d"
#define PATCH_MULTIPLE_OLD_PATHS \ #define PATCH_MULTIPLE_OLD_PATHS \
"diff --git \n" \ "diff --git \n" \
"--- \n" \ "--- \n" \
......