commit-graph.c: prevent overflow in `merge_commit_graph()` When merging two commit graphs, ensure that we don't attempt to merge two graphs which, when combined, have more total commits than the 32-bit unsigned maximum. Signed-off-by: Taylor Blau <me@ttaylorr.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: d76e0a744d3a8c1713f0e913325cab7da92f01ef [log] [tgz]
author: Taylor Blau <me@ttaylorr.com> Wed Jul 12 19:38:13 2023 -0400
committer: Junio C Hamano <gitster@pobox.com> Fri Jul 14 09:32:03 2023 -0700
tree: a8bc9e3f992a67b8fc27a33399edc07c1900b9b5
parent: 19565d093d248ba4c2330d96314a547feed41112 [diff]
diff --git a/commit-graph.c b/commit-graph.c
index d9795e3..8333ce8 100644
--- a/commit-graph.c
+++ b/commit-graph.c

@@ -2179,6 +2179,11 @@ static void merge_commit_graph(struct write_commit_graph_context *ctx,
 	uint32_t i;
 	uint32_t offset = g->num_commits_in_base;
 
+	if (unsigned_add_overflows(ctx->commits.nr, g->num_commits))
+		die(_("cannot merge graph %s, too many commits: %"PRIuMAX),
+		    oid_to_hex(&g->oid),
+		    (uintmax_t)st_add(ctx->commits.nr, g->num_commits));
+
 	ALLOC_GROW(ctx->commits.list, ctx->commits.nr + g->num_commits, ctx->commits.alloc);
 
 	for (i = 0; i < g->num_commits; i++) {
commit	d76e0a744d3a8c1713f0e913325cab7da92f01ef	[log] [tgz]
author	Taylor Blau <me@ttaylorr.com>	Wed Jul 12 19:38:13 2023 -0400
committer	Junio C Hamano <gitster@pobox.com>	Fri Jul 14 09:32:03 2023 -0700
tree	a8bc9e3f992a67b8fc27a33399edc07c1900b9b5
parent	19565d093d248ba4c2330d96314a547feed41112 [diff]