Before printing into a `git_buf` structure, we always call `ENSURE_SIZE` first. This macro will reallocate the buffer as-needed depending on whether the current amount of allocated bytes is sufficient or not. If `asize` is big enough, then it will just do nothing, otherwise it will call out to `git_buf_try_grow`. But in fact, it is insufficient to only check `asize`. When we fail to allocate any more bytes e.g. via `git_buf_try_grow`, then we set the buffer's pointer to `git_buf__oom`. Note that we touch neither `asize` nor `size`. So if we just check `asize > targetsize`, then we will happily let the caller of `ENSURE_SIZE` proceed with an out-of-memory buffer. As a result, we will print all bytes into the out-of-memory buffer instead, resulting in an out-of-bounds write. Fix the issue by having `ENSURE_SIZE` verify that the buffer is not marked as OOM. Add a test to verify that we're not writing into the OOM buffer.
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
array.c | Loading commit data... | |
bitvec.c | Loading commit data... | |
buffer.c | Loading commit data... | |
copy.c | Loading commit data... | |
dirent.c | Loading commit data... | |
encoding.c | Loading commit data... | |
env.c | Loading commit data... | |
errors.c | Loading commit data... | |
features.c | Loading commit data... | |
filebuf.c | Loading commit data... | |
ftruncate.c | Loading commit data... | |
futils.c | Loading commit data... | |
hex.c | Loading commit data... | |
iconv.c | Loading commit data... | |
init.c | Loading commit data... | |
link.c | Loading commit data... | |
memmem.c | Loading commit data... | |
mkdir.c | Loading commit data... | |
oid.c | Loading commit data... | |
oidmap.c | Loading commit data... | |
opts.c | Loading commit data... | |
path.c | Loading commit data... | |
pool.c | Loading commit data... | |
posix.c | Loading commit data... | |
pqueue.c | Loading commit data... | |
rmdir.c | Loading commit data... | |
sha1.c | Loading commit data... | |
sortedcache.c | Loading commit data... | |
stat.c | Loading commit data... | |
string.c | Loading commit data... | |
strmap.c | Loading commit data... | |
strtol.c | Loading commit data... | |
structinit.c | Loading commit data... | |
useragent.c | Loading commit data... | |
vector.c | Loading commit data... | |
zstream.c | Loading commit data... |