Skip to content

Commit

Permalink
Fix integer overflow in unpack_sha1_rest()
Browse files Browse the repository at this point in the history 
[jc: later NUL termination by the caller becomes unnecessary]

Signed-off-by: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
Ilari Liusvaara authored and Junio C Hamano committed Jan 26, 2010
1 parent 222083a commit 3aee68a
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions sha1_file.c
View file
Original file line number Diff line number Diff line change
@@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
{
int bytes = strlen(buffer) + 1;
unsigned char *buf = xmalloc(1+size);
unsigned char *buf = xmallocz(size);
unsigned long n;
int status = Z_OK;

@@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
while (status == Z_OK)
status = git_inflate(stream, Z_FINISH);
}
buf[size] = 0;
if (status == Z_STREAM_END && !stream->avail_in) {
git_inflate_end(stream);
return buf;

0 comments on commit 3aee68a

Please sign in to comment.