Files · 21652ee9de439e042cc2e69b208aa2ef8ce31147 · lvzhengyang / git2

tree-cache: avoid out-of-bound reads when parsing trees · 21652ee9

We use the `git__strtol32` function to parse the child and entry count
of treecaches from the index, which do not accept a buffer length. As
the buffer that is being passed in is untrusted data and may thus be
malformed and may not contain a terminating `NUL` byte, we can overrun
the buffer and thus perform an out-of-bounds read.

Fix the issue by uzing `git__strntol32` instead.

committed Oct 18, 2018

21652ee9

Name	Last commit	Last update
.github		Loading commit data...
ci		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
fuzzers		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
COPYING		Loading commit data...
README.md		Loading commit data...
api.docurium		Loading commit data...
azure-pipelines.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
libgit2_clar.supp		Loading commit data...
package.json		Loading commit data...

README.md