Google Git
Sign in
googlers / jrn / git / e7792a74bcf7fcd554b4546fc91122b8c2af7d75
commite7792a74bcf7fcd554b4546fc91122b8c2af7d75[log] [tgz]
authorJeff King <peff@peff.net>Mon Feb 22 17:43:18 2016 -0500
committerJunio C Hamano <gitster@pobox.com>Mon Feb 22 14:50:32 2016 -0800
treef20e2c07219368119a058fc93a6b632abbe0dc54
parent5b442c4f2723211ce0d862571e88ee206bfd51bf [diff]
harden REALLOC_ARRAY and xcalloc against size_t overflow

REALLOC_ARRAY inherently involves a multiplication which can
overflow size_t, resulting in a much smaller buffer than we
think we've allocated. We can easily harden it by using
st_mult() to check for overflow.  Likewise, we can add
ALLOC_ARRAY to do the same thing for xmalloc calls.

xcalloc() should already be fine, because it takes the two
factors separately, assuming the system calloc actually
checks for overflow. However, before we even hit the system
calloc(), we do our memory_limit_check, which involves a
multiplication. Let's check for overflow ourselves so that
this limit cannot be bypassed.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2 files changed
tree: f20e2c07219368119a058fc93a6b632abbe0dc54
  1. block-sha1/
  2. builtin/
  3. compat/
  4. contrib/
  5. Documentation/
  6. ewah/
  7. git-gui/
  8. gitk-git/
  9. gitweb/
  10. mergetools/
  11. perl/
  12. po/
  13. ppc/
  14. refs/
  15. t/
  16. templates/
  17. vcs-svn/
  18. xdiff/
  19. RelNotesDocumentation/RelNotes/2.7.1.txt
  20. .gitattributes
  21. .gitignore
  22. .mailmap
  23. .travis.yml
  24. abspath.c
  25. aclocal.m4
  26. advice.c
  27. advice.h
  28. alias.c
  29. alloc.c
  30. archive-tar.c
  31. archive-zip.c
  32. archive.c
  33. archive.h
  34. argv-array.c
  35. argv-array.h
  36. attr.c
  37. attr.h
  38. base85.c
  39. bisect.c
  40. bisect.h
  41. blob.c
  42. blob.h
  43. branch.c
  44. branch.h
  45. builtin.h
  46. bulk-checkin.c
  47. bulk-checkin.h
  48. bundle.c
  49. bundle.h
  50. cache-tree.c
  51. cache-tree.h
  52. cache.h
  53. check-builtins.sh
  54. check-racy.c
  55. check_bindir
  56. color.c
  57. color.h
  58. column.c
  59. column.h
  60. combine-diff.c
  61. command-list.txt
  62. commit-slab.h
  63. commit.c
  64. commit.h
  65. config.c
  66. config.mak.in
  67. config.mak.uname
  68. configure.ac
  69. connect.c
  70. connect.h
  71. connected.c
  72. connected.h
  73. convert.c
  74. convert.h
  75. copy.c
  76. COPYING
  77. credential-cache--daemon.c
  78. credential-cache.c
  79. credential-store.c
  80. credential.c
  81. credential.h
  82. csum-file.c
  83. csum-file.h
  84. ctype.c
  85. daemon.c
  86. date.c
  87. decorate.c
  88. decorate.h
  89. delta.h
  90. diff-delta.c
  91. diff-lib.c
  92. diff-no-index.c
  93. diff.c
  94. diff.h
  95. diffcore-break.c
  96. diffcore-delta.c
  97. diffcore-order.c
  98. diffcore-pickaxe.c
  99. diffcore-rename.c
  100. diffcore.h
  101. dir.c
  102. dir.h
  103. editor.c
  104. entry.c
  105. environment.c
  106. exec_cmd.c
  107. exec_cmd.h
  108. fast-import.c
  109. fetch-pack.c
  110. fetch-pack.h
  111. fmt-merge-msg.h
  112. fsck.c
  113. fsck.h
  114. generate-cmdlist.sh
  115. gettext.c
  116. gettext.h
  117. git-add--interactive.perl
  118. git-archimport.perl
  119. git-bisect.sh
  120. git-compat-util.h
  121. git-cvsexportcommit.perl
  122. git-cvsimport.perl
  123. git-cvsserver.perl
  124. git-difftool--helper.sh
  125. git-difftool.perl
  126. git-filter-branch.sh
  127. git-instaweb.sh
  128. git-merge-octopus.sh
  129. git-merge-one-file.sh
  130. git-merge-resolve.sh
  131. git-mergetool--lib.sh
  132. git-mergetool.sh
  133. git-p4.py
  134. git-parse-remote.sh
  135. git-quiltimport.sh
  136. git-rebase--am.sh
  137. git-rebase--interactive.sh
  138. git-rebase--merge.sh
  139. git-rebase.sh
  140. git-relink.perl
  141. git-remote-testgit.sh
  142. git-request-pull.sh
  143. git-send-email.perl
  144. git-sh-i18n.sh
  145. git-sh-setup.sh
  146. git-stash.sh
  147. git-submodule.sh
  148. git-svn.perl
  149. GIT-VERSION-GEN
  150. git-web--browse.sh
  151. git.c
  152. git.rc
  153. git.spec.in
  154. gpg-interface.c
  155. gpg-interface.h
  156. graph.c
  157. graph.h
  158. grep.c
  159. grep.h
  160. hashmap.c
  161. hashmap.h
  162. help.c
  163. help.h
  164. hex.c
  165. http-backend.c
  166. http-fetch.c
  167. http-push.c
  168. http-walker.c
  169. http.c
  170. http.h
  171. ident.c
  172. imap-send.c
  173. INSTALL
  174. khash.h
  175. kwset.c
  176. kwset.h
  177. levenshtein.c
  178. levenshtein.h
  179. LGPL-2.1
  180. line-log.c
  181. line-log.h
  182. line-range.c
  183. line-range.h
  184. list-objects.c
  185. list-objects.h
  186. ll-merge.c
  187. ll-merge.h
  188. lockfile.c
  189. lockfile.h
  190. log-tree.c
  191. log-tree.h
  192. mailinfo.c
  193. mailinfo.h
  194. mailmap.c
  195. mailmap.h
  196. Makefile
  197. match-trees.c
  198. merge-blobs.c
  199. merge-blobs.h
  200. merge-recursive.c
  201. merge-recursive.h
  202. merge.c
  203. mergesort.c
  204. mergesort.h
  205. name-hash.c
  206. notes-cache.c
  207. notes-cache.h
  208. notes-merge.c
  209. notes-merge.h
  210. notes-utils.c
  211. notes-utils.h
  212. notes.c
  213. notes.h
  214. object.c
  215. object.h
  216. pack-bitmap-write.c
  217. pack-bitmap.c
  218. pack-bitmap.h
  219. pack-check.c
  220. pack-objects.c
  221. pack-objects.h
  222. pack-revindex.c
  223. pack-revindex.h
  224. pack-write.c
  225. pack.h
  226. pager.c
  227. parse-options-cb.c
  228. parse-options.c
  229. parse-options.h
  230. patch-delta.c
  231. patch-ids.c
  232. patch-ids.h
  233. path.c
  234. pathspec.c
  235. pathspec.h
  236. pkt-line.c
  237. pkt-line.h
  238. preload-index.c
  239. pretty.c
  240. prio-queue.c
  241. prio-queue.h
  242. progress.c
  243. progress.h
  244. prompt.c
  245. prompt.h
  246. quote.c
  247. quote.h
  248. reachable.c
  249. reachable.h
  250. read-cache.c
  251. README
  252. ref-filter.c
  253. ref-filter.h
  254. reflog-walk.c
  255. reflog-walk.h
  256. refs.c
  257. refs.h
  258. remote-curl.c
  259. remote-testsvn.c
  260. remote.c
  261. remote.h
  262. replace_object.c
  263. rerere.c
  264. rerere.h
  265. resolve-undo.c
  266. resolve-undo.h
  267. revision.c
  268. revision.h
  269. run-command.c
  270. run-command.h
  271. send-pack.c
  272. send-pack.h
  273. sequencer.c
  274. sequencer.h
  275. server-info.c
  276. setup.c
  277. sh-i18n--envsubst.c
  278. sha1-array.c
  279. sha1-array.h
  280. sha1-lookup.c
  281. sha1-lookup.h
  282. sha1_file.c
  283. sha1_name.c
  284. shallow.c
  285. shell.c
  286. shortlog.h
  287. show-index.c
  288. sideband.c
  289. sideband.h
  290. sigchain.c
  291. sigchain.h
  292. split-index.c
  293. split-index.h
  294. strbuf.c
  295. strbuf.h
  296. streaming.c
  297. streaming.h
  298. string-list.c
  299. string-list.h
  300. submodule-config.c
  301. submodule-config.h
  302. submodule.c
  303. submodule.h
  304. symlinks.c
  305. tag.c
  306. tag.h
  307. tar.h
  308. tempfile.c
  309. tempfile.h
  310. test-chmtime.c
  311. test-config.c
  312. test-ctype.c
  313. test-date.c
  314. test-delta.c
  315. test-dump-cache-tree.c
  316. test-dump-split-index.c
  317. test-dump-untracked-cache.c
  318. test-genrandom.c
  319. test-hashmap.c
  320. test-index-version.c
  321. test-line-buffer.c
  322. test-match-trees.c
  323. test-mergesort.c
  324. test-mktemp.c
  325. test-parse-options.c
  326. test-path-utils.c
  327. test-prio-queue.c
  328. test-read-cache.c
  329. test-regex.c
  330. test-revision-walking.c
  331. test-run-command.c
  332. test-scrap-cache-tree.c
  333. test-sha1-array.c
  334. test-sha1.c
  335. test-sha1.sh
  336. test-sigchain.c
  337. test-string-list.c
  338. test-submodule-config.c
  339. test-subprocess.c
  340. test-svn-fe.c
  341. test-urlmatch-normalization.c
  342. test-wildmatch.c
  343. thread-utils.c
  344. thread-utils.h
  345. trace.c
  346. trace.h
  347. trailer.c
  348. trailer.h
  349. transport-helper.c
  350. transport.c
  351. transport.h
  352. tree-diff.c
  353. tree-walk.c
  354. tree-walk.h
  355. tree.c
  356. tree.h
  357. unicode_width.h
  358. unimplemented.sh
  359. unix-socket.c
  360. unix-socket.h
  361. unpack-trees.c
  362. unpack-trees.h
  363. update_unicode.sh
  364. upload-pack.c
  365. url.c
  366. url.h
  367. urlmatch.c
  368. urlmatch.h
  369. usage.c
  370. userdiff.c
  371. userdiff.h
  372. utf8.c
  373. utf8.h
  374. varint.c
  375. varint.h
  376. version.c
  377. version.h
  378. versioncmp.c
  379. walker.c
  380. walker.h
  381. wildmatch.c
  382. wildmatch.h
  383. worktree.c
  384. worktree.h
  385. wrap-for-bin.sh
  386. wrapper.c
  387. write_or_die.c
  388. ws.c
  389. wt-status.c
  390. wt-status.h
  391. xdiff-interface.c
  392. xdiff-interface.h
  393. zlib.c