index: fix potential overflow

mode field of git_index_entry_unmerged is array of unsigned ints. It's unsafe to cast pointer to an element of the array to long int *. It may cause overflow in git_strtol32(). Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>

index: fix potential overflow
mode field of git_index_entry_unmerged is array of unsigned ints. It's unsafe to cast pointer to an element of the array to long int *. It may cause overflow in git_strtol32(). Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
b16692fa · Kirill A. Shutemov · Vicent Marti · ae9f771c · b16692fa
Commit b16692fa authored Jul 12, 2011 by Kirill A. Shutemov Committed by Vicent Marti Jul 13, 2011
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

src/index.c
+6 -2

No files found.
--- a/src/index.c
+++ b/src/index.c
@@ -657,10 +657,14 @@ static int read_unmerged(git_index *index, const char *buffer, size_t size)
 		buffer += len;
 		for (i = 0; i < 3; i++) {
-			if (git__strtol32((long int *) &lost->mode[i], buffer, &endptr, 8) < GIT_SUCCESS ||
+			long tmp;
-				!endptr || endptr == buffer || *endptr)
+			if (git__strtol32(&tmp, buffer, &endptr, 8) < GIT_SUCCESS ||
+				!endptr || endptr == buffer || *endptr || tmp > UINT_MAX)
 				return GIT_ERROR;
+			lost->mode[i] = tmp;
 			len = (endptr + 1) - buffer;
 			if (size <= len)
 				return git__throw(GIT_ERROR, "Failed to read unmerged entries");