packfile: fix off-by-one error in decoding logic

shift count being exactly at 7-bit smaller than the long is OK; on
32-bit architecture, shift count starts at 4 and goes through 11, 18
and 25, at which point the guard triggers one iteration too early.

Reported-by: Marc Strapetz <marc.strapetz@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Junio C Hamano 2022-01-12 12:11:42 -08:00
Родитель 34de5b8eac
Коммит a5c97b0164
1 изменённых файлов: 1 добавлений и 1 удалений

Просмотреть файл

@ -1067,7 +1067,7 @@ unsigned long unpack_object_header_buffer(const unsigned char *buf,
size = c & 15; size = c & 15;
shift = 4; shift = 4;
while (c & 0x80) { while (c & 0x80) {
if (len <= used || (bitsizeof(long) - 7) <= shift) { if (len <= used || (bitsizeof(long) - 7) < shift) {
error("bad object header"); error("bad object header");
size = used = 0; size = used = 0;
break; break;