Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
index: fix out-of-bounds read with invalid index entry prefix length
The index format in version 4 has prefix-compressed entries, where every index entry can compress its path by using a path prefix of the previous entry. Since implmenting support for this index format version in commit 5625d86 (index: support index v4, 2016-05-17), though, we do not correctly verify that the prefix length that we want to reuse is actually smaller or equal to the amount of characters than the length of the previous index entry's path. This can lead to a an integer underflow and subsequently to an out-of-bounds read. Fix this by verifying that the prefix is actually smaller than the previous entry's path length. Reported-by: Krishna Ram Prakash R <firstname.lastname@example.org> Reported-by: Vivek Parikh <email@example.com>
- Loading branch information
Showing with 10 additions and 9 deletions.
- +10 −9 src/index.c