зеркало из https://github.com/microsoft/git.git
Merge branch 'il/maint-xmallocz'
* il/maint-xmallocz: Fix integer overflow in unpack_compressed_entry() Fix integer overflow in unpack_sha1_rest() Fix integer overflow in patch_delta() Add xmallocz()
This commit is contained in:
Junio C Hamano
Коммит
a0075d9e6a
|
|
@ -348,6 +348,7 @@ extern void release_pack_memory(size_t, int);
|
|||
|
||||
extern char *xstrdup(const char *str);
|
||||
extern void *xmalloc(size_t size);
|
||||
extern void *xmallocz(size_t size);
|
||||
extern void *xmemdupz(const void *data, size_t len);
|
||||
extern char *xstrndup(const char *str, size_t len);
|
||||
extern void *xrealloc(void *ptr, size_t size);
|
||||
|
|
|
|||
|
|
@ -33,8 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
|
|||
|
||||
/* now the result size */
|
||||
size = get_delta_hdr_size(&data, top);
|
||||
dst_buf = xmalloc(size + 1);
|
||||
dst_buf[size] = 0;
|
||||
dst_buf = xmallocz(size);
|
||||
|
||||
out = dst_buf;
|
||||
while (data < top) {
|
||||
|
|
|
|||
|
|
@ -1166,7 +1166,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
|
|||
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
|
||||
{
|
||||
int bytes = strlen(buffer) + 1;
|
||||
unsigned char *buf = xmalloc(1+size);
|
||||
unsigned char *buf = xmallocz(size);
|
||||
unsigned long n;
|
||||
int status = Z_OK;
|
||||
|
||||
|
|
@ -1194,7 +1194,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
|
|||
while (status == Z_OK)
|
||||
status = git_inflate(stream, Z_FINISH);
|
||||
}
|
||||
buf[size] = 0;
|
||||
if (status == Z_STREAM_END && !stream->avail_in) {
|
||||
git_inflate_end(stream);
|
||||
return buf;
|
||||
|
|
@ -1517,8 +1516,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
|
|||
z_stream stream;
|
||||
unsigned char *buffer, *in;
|
||||
|
||||
buffer = xmalloc(size + 1);
|
||||
buffer[size] = 0;
|
||||
buffer = xmallocz(size);
|
||||
memset(&stream, 0, sizeof(stream));
|
||||
stream.next_out = buffer;
|
||||
stream.avail_out = size + 1;
|
||||
|
|
|
|||
15
wrapper.c
15
wrapper.c
|
|
@ -34,6 +34,16 @@ void *xmalloc(size_t size)
|
|||
return ret;
|
||||
}
|
||||
|
||||
void *xmallocz(size_t size)
|
||||
{
|
||||
void *ret;
|
||||
if (size + 1 < size)
|
||||
die("Data too large to fit into virtual memory space.");
|
||||
ret = xmalloc(size + 1);
|
||||
((char*)ret)[size] = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
|
||||
* "data" to the allocated memory, zero terminates the allocated memory,
|
||||
|
|
@ -42,10 +52,7 @@ void *xmalloc(size_t size)
|
|||
*/
|
||||
void *xmemdupz(const void *data, size_t len)
|
||||
{
|
||||
char *p = xmalloc(len + 1);
|
||||
memcpy(p, data, len);
|
||||
p[len] = '\0';
|
||||
return p;
|
||||
return memcpy(xmallocz(len), data, len);
|
||||
}
|
||||
|
||||
char *xstrndup(const char *str, size_t len)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче