Browse Source

Merge branch 'jk/path-name-safety-2.4' into maint-2.4

Bugfix patches were backported from the 'master' front to plug heap
corruption holes, to catch integer overflow in the computation of
pathname lengths, and to get rid of the name_path API.  Both of
these would have resulted in writing over an under-allocated buffer
when formulating pathnames while tree traversal.

* jk/path-name-safety-2.4:
  list-objects: pass full pathname to callbacks
  list-objects: drop name_path entirely
  list-objects: convert name_path to a strbuf
  show_object_with_name: simplify by using path_name()
  http-push: stop using name_path
  tree-diff: catch integer overflow in combine_diff_path allocation
  add helpers for detecting size_t overflow
maint
Junio C Hamano 9 years ago
parent
commit
32c6dca8c4
  1. 15
      builtin/pack-objects.c
  2. 12
      builtin/rev-list.c
  3. 4
      diff.h
  4. 34
      git-compat-util.h
  5. 23
      http-push.c
  6. 40
      list-objects.c
  7. 2
      list-objects.h
  8. 3
      pack-bitmap-write.c
  9. 13
      pack-bitmap.c
  10. 5
      reachable.c
  11. 64
      revision.c
  12. 11
      revision.h
  13. 4
      tree-diff.c

15
builtin/pack-objects.c

@ -2284,21 +2284,11 @@ static void show_commit(struct commit *commit, void *data) @@ -2284,21 +2284,11 @@ static void show_commit(struct commit *commit, void *data)
index_commit_for_bitmap(commit);
}

static void show_object(struct object *obj,
const struct name_path *path, const char *last,
void *data)
static void show_object(struct object *obj, const char *name, void *data)
{
char *name = path_name(path, last);

add_preferred_base_object(name);
add_object_entry(obj->sha1, obj->type, name, 0);
obj->flags |= OBJECT_ADDED;

/*
* We will have generated the hash from the name,
* but not saved a pointer to it - we can free it
*/
free((char *)name);
}

static void show_edge(struct commit *commit)
@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(struct rev_info *revs) @@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(struct rev_info *revs)
}

static void record_recent_object(struct object *obj,
const struct name_path *path,
const char *last,
const char *name,
void *data)
{
sha1_array_append(&recent_objects, obj->sha1);

12
builtin/rev-list.c

@ -177,9 +177,7 @@ static void finish_commit(struct commit *commit, void *data) @@ -177,9 +177,7 @@ static void finish_commit(struct commit *commit, void *data)
free_commit_buffer(commit);
}

static void finish_object(struct object *obj,
const struct name_path *path, const char *name,
void *cb_data)
static void finish_object(struct object *obj, const char *name, void *cb_data)
{
struct rev_list_info *info = cb_data;
if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1))
@ -188,15 +186,13 @@ static void finish_object(struct object *obj, @@ -188,15 +186,13 @@ static void finish_object(struct object *obj,
parse_object(obj->sha1);
}

static void show_object(struct object *obj,
const struct name_path *path, const char *component,
void *cb_data)
static void show_object(struct object *obj, const char *name, void *cb_data)
{
struct rev_list_info *info = cb_data;
finish_object(obj, path, component, cb_data);
finish_object(obj, name, cb_data);
if (info->flags & REV_LIST_QUIET)
return;
show_object_with_name(stdout, obj, path, component);
show_object_with_name(stdout, obj, name);
}

static void show_edge(struct commit *commit)

4
diff.h

@ -215,8 +215,8 @@ struct combine_diff_path { @@ -215,8 +215,8 @@ struct combine_diff_path {
} parent[FLEX_ARRAY];
};
#define combine_diff_path_size(n, l) \
(sizeof(struct combine_diff_path) + \
sizeof(struct combine_diff_parent) * (n) + (l) + 1)
st_add4(sizeof(struct combine_diff_path), (l), 1, \
st_mult(sizeof(struct combine_diff_parent), (n)))

extern void show_combined_diff(struct combine_diff_path *elem, int num_parent,
int dense, struct rev_info *);

34
git-compat-util.h

@ -96,6 +96,14 @@ @@ -96,6 +96,14 @@
#define unsigned_add_overflows(a, b) \
((b) > maximum_unsigned_value_of_type(a) - (a))

/*
* Returns true if the multiplication of "a" and "b" will
* overflow. The types of "a" and "b" must match and must be unsigned.
* Note that this macro evaluates "a" twice!
*/
#define unsigned_mult_overflows(a, b) \
((a) && (b) > maximum_unsigned_value_of_type(a) / (a))

#ifdef __GNUC__
#define TYPEOF(x) (__typeof__(x))
#else
@ -698,6 +706,32 @@ extern void release_pack_memory(size_t); @@ -698,6 +706,32 @@ extern void release_pack_memory(size_t);
typedef void (*try_to_free_t)(size_t);
extern try_to_free_t set_try_to_free_routine(try_to_free_t);

static inline size_t st_add(size_t a, size_t b)
{
if (unsigned_add_overflows(a, b))
die("size_t overflow: %"PRIuMAX" + %"PRIuMAX,
(uintmax_t)a, (uintmax_t)b);
return a + b;
}
#define st_add3(a,b,c) st_add((a),st_add((b),(c)))
#define st_add4(a,b,c,d) st_add((a),st_add3((b),(c),(d)))

static inline size_t st_mult(size_t a, size_t b)
{
if (unsigned_mult_overflows(a, b))
die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
(uintmax_t)a, (uintmax_t)b);
return a * b;
}

static inline size_t st_sub(size_t a, size_t b)
{
if (a < b)
die("size_t underflow: %"PRIuMAX" - %"PRIuMAX,
(uintmax_t)a, (uintmax_t)b);
return a - b;
}

#ifdef HAVE_ALLOCA_H
# include <alloca.h>
# define xalloca(size) (alloca(size))

23
http-push.c

@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis @@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis
}

static struct object_list **process_blob(struct blob *blob,
struct object_list **p,
struct name_path *path,
const char *name)
struct object_list **p)
{
struct object *obj = &blob->object;

@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob, @@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob,
}

static struct object_list **process_tree(struct tree *tree,
struct object_list **p,
struct name_path *path,
const char *name)
struct object_list **p)
{
struct object *obj = &tree->object;
struct tree_desc desc;
struct name_entry entry;
struct name_path me;

obj->flags |= LOCAL;

@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree, @@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree,
die("bad tree object %s", sha1_to_hex(obj->sha1));

obj->flags |= SEEN;
name = xstrdup(name);
p = add_one_object(obj, p);
me.up = path;
me.elem = name;
me.elem_len = strlen(name);

init_tree_desc(&desc, tree->buffer, tree->size);

while (tree_entry(&desc, &entry))
switch (object_type(entry.mode)) {
case OBJ_TREE:
p = process_tree(lookup_tree(entry.sha1), p, &me, name);
p = process_tree(lookup_tree(entry.sha1), p);
break;
case OBJ_BLOB:
p = process_blob(lookup_blob(entry.sha1), p, &me, name);
p = process_blob(lookup_blob(entry.sha1), p);
break;
default:
/* Subproject commit - not in this repository */
@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) @@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
int count = 0;

while ((commit = get_revision(revs)) != NULL) {
p = process_tree(commit->tree, p, NULL, "");
p = process_tree(commit->tree, p);
commit->object.flags |= LOCAL;
if (!(commit->object.flags & UNINTERESTING))
count += add_send_request(&commit->object, lock);
@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) @@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
continue;
}
if (obj->type == OBJ_TREE) {
p = process_tree((struct tree *)obj, p, NULL, name);
p = process_tree((struct tree *)obj, p);
continue;
}
if (obj->type == OBJ_BLOB) {
p = process_blob((struct blob *)obj, p, NULL, name);
p = process_blob((struct blob *)obj, p);
continue;
}
die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);

40
list-objects.c

@ -11,11 +11,12 @@ @@ -11,11 +11,12 @@
static void process_blob(struct rev_info *revs,
struct blob *blob,
show_object_fn show,
struct name_path *path,
struct strbuf *path,
const char *name,
void *cb_data)
{
struct object *obj = &blob->object;
size_t pathlen;

if (!revs->blob_objects)
return;
@ -24,7 +25,11 @@ static void process_blob(struct rev_info *revs, @@ -24,7 +25,11 @@ static void process_blob(struct rev_info *revs,
if (obj->flags & (UNINTERESTING | SEEN))
return;
obj->flags |= SEEN;
show(obj, path, name, cb_data);

pathlen = path->len;
strbuf_addstr(path, name);
show(obj, path->buf, cb_data);
strbuf_setlen(path, pathlen);
}

/*
@ -52,7 +57,7 @@ static void process_blob(struct rev_info *revs, @@ -52,7 +57,7 @@ static void process_blob(struct rev_info *revs,
static void process_gitlink(struct rev_info *revs,
const unsigned char *sha1,
show_object_fn show,
struct name_path *path,
struct strbuf *path,
const char *name,
void *cb_data)
{
@ -62,7 +67,6 @@ static void process_gitlink(struct rev_info *revs, @@ -62,7 +67,6 @@ static void process_gitlink(struct rev_info *revs,
static void process_tree(struct rev_info *revs,
struct tree *tree,
show_object_fn show,
struct name_path *path,
struct strbuf *base,
const char *name,
void *cb_data)
@ -70,7 +74,6 @@ static void process_tree(struct rev_info *revs, @@ -70,7 +74,6 @@ static void process_tree(struct rev_info *revs,
struct object *obj = &tree->object;
struct tree_desc desc;
struct name_entry entry;
struct name_path me;
enum interesting match = revs->diffopt.pathspec.nr == 0 ?
all_entries_interesting: entry_not_interesting;
int baselen = base->len;
@ -86,17 +89,12 @@ static void process_tree(struct rev_info *revs, @@ -86,17 +89,12 @@ static void process_tree(struct rev_info *revs,
return;
die("bad tree object %s", sha1_to_hex(obj->sha1));
}

obj->flags |= SEEN;
show(obj, path, name, cb_data);
me.up = path;
me.elem = name;
me.elem_len = strlen(name);

if (!match) {
strbuf_addstr(base, name);
if (base->len)
strbuf_addch(base, '/');
}
strbuf_addstr(base, name);
show(obj, base->buf, cb_data);
if (base->len)
strbuf_addch(base, '/');

init_tree_desc(&desc, tree->buffer, tree->size);

@ -113,16 +111,16 @@ static void process_tree(struct rev_info *revs, @@ -113,16 +111,16 @@ static void process_tree(struct rev_info *revs,
if (S_ISDIR(entry.mode))
process_tree(revs,
lookup_tree(entry.sha1),
show, &me, base, entry.path,
show, base, entry.path,
cb_data);
else if (S_ISGITLINK(entry.mode))
process_gitlink(revs, entry.sha1,
show, &me, entry.path,
show, base, entry.path,
cb_data);
else
process_blob(revs,
lookup_blob(entry.sha1),
show, &me, entry.path,
show, base, entry.path,
cb_data);
}
strbuf_setlen(base, baselen);
@ -213,19 +211,19 @@ void traverse_commit_list(struct rev_info *revs, @@ -213,19 +211,19 @@ void traverse_commit_list(struct rev_info *revs,
continue;
if (obj->type == OBJ_TAG) {
obj->flags |= SEEN;
show_object(obj, NULL, name, data);
show_object(obj, name, data);
continue;
}
if (!path)
path = "";
if (obj->type == OBJ_TREE) {
process_tree(revs, (struct tree *)obj, show_object,
NULL, &base, path, data);
&base, path, data);
continue;
}
if (obj->type == OBJ_BLOB) {
process_blob(revs, (struct blob *)obj, show_object,
NULL, path, data);
&base, path, data);
continue;
}
die("unknown pending object %s (%s)",

2
list-objects.h

@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
#define LIST_OBJECTS_H

typedef void (*show_commit_fn)(struct commit *, void *);
typedef void (*show_object_fn)(struct object *, const struct name_path *, const char *, void *);
typedef void (*show_object_fn)(struct object *, const char *, void *);
void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *);

typedef void (*show_edge_fn)(struct commit *);

3
pack-bitmap-write.c

@ -148,8 +148,7 @@ static uint32_t find_object_pos(const unsigned char *sha1) @@ -148,8 +148,7 @@ static uint32_t find_object_pos(const unsigned char *sha1)
return entry->in_pack_pos;
}

static void show_object(struct object *object, const struct name_path *path,
const char *last, void *data)
static void show_object(struct object *object, const char *name, void *data)
{
struct bitmap *base = data;
bitmap_set(base, find_object_pos(object->sha1));

13
pack-bitmap.c

@ -422,19 +422,15 @@ static int ext_index_add_object(struct object *object, const char *name) @@ -422,19 +422,15 @@ static int ext_index_add_object(struct object *object, const char *name)
return bitmap_pos + bitmap_git.pack->num_objects;
}

static void show_object(struct object *object, const struct name_path *path,
const char *last, void *data)
static void show_object(struct object *object, const char *name, void *data)
{
struct bitmap *base = data;
int bitmap_pos;

bitmap_pos = bitmap_position(object->sha1);

if (bitmap_pos < 0) {
char *name = path_name(path, last);
if (bitmap_pos < 0)
bitmap_pos = ext_index_add_object(object, name);
free(name);
}

bitmap_set(base, bitmap_pos);
}
@ -902,9 +898,8 @@ struct bitmap_test_data { @@ -902,9 +898,8 @@ struct bitmap_test_data {
size_t seen;
};

static void test_show_object(struct object *object,
const struct name_path *path,
const char *last, void *data)
static void test_show_object(struct object *object, const char *name,
void *data)
{
struct bitmap_test_data *tdata = data;
int bitmap_pos;

5
reachable.c

@ -36,15 +36,14 @@ static int add_one_ref(const char *path, const unsigned char *sha1, int flag, vo @@ -36,15 +36,14 @@ static int add_one_ref(const char *path, const unsigned char *sha1, int flag, vo
* The traversal will have already marked us as SEEN, so we
* only need to handle any progress reporting here.
*/
static void mark_object(struct object *obj, const struct name_path *path,
const char *name, void *data)
static void mark_object(struct object *obj, const char *name, void *data)
{
update_progress(data);
}

static void mark_commit(struct commit *c, void *data)
{
mark_object(&c->object, NULL, NULL, data);
mark_object(&c->object, NULL, data);
}

struct recent_data {

64
revision.c

@ -21,69 +21,13 @@ @@ -21,69 +21,13 @@

volatile show_early_output_fn_t show_early_output;

char *path_name(const struct name_path *path, const char *name)
{
const struct name_path *p;
char *n, *m;
int nlen = strlen(name);
int len = nlen + 1;

for (p = path; p; p = p->up) {
if (p->elem_len)
len += p->elem_len + 1;
}
n = xmalloc(len);
m = n + len - (nlen + 1);
strcpy(m, name);
for (p = path; p; p = p->up) {
if (p->elem_len) {
m -= p->elem_len + 1;
memcpy(m, p->elem, p->elem_len);
m[p->elem_len] = '/';
}
}
return n;
}

static int show_path_component_truncated(FILE *out, const char *name, int len)
{
int cnt;
for (cnt = 0; cnt < len; cnt++) {
int ch = name[cnt];
if (!ch || ch == '\n')
return -1;
fputc(ch, out);
}
return len;
}

static int show_path_truncated(FILE *out, const struct name_path *path)
{
int emitted, ours;

if (!path)
return 0;
emitted = show_path_truncated(out, path->up);
if (emitted < 0)
return emitted;
if (emitted)
fputc('/', out);
ours = show_path_component_truncated(out, path->elem, path->elem_len);
if (ours < 0)
return ours;
return ours || emitted;
}

void show_object_with_name(FILE *out, struct object *obj,
const struct name_path *path, const char *component)
void show_object_with_name(FILE *out, struct object *obj, const char *name)
{
struct name_path leaf;
leaf.up = (struct name_path *)path;
leaf.elem = component;
leaf.elem_len = strlen(component);
const char *p;

fprintf(out, "%s ", sha1_to_hex(obj->sha1));
show_path_truncated(out, &leaf);
for (p = name; *p && *p != '\n'; p++)
fputc(*p, out);
fputc('\n', out);
}


11
revision.h

@ -256,16 +256,9 @@ extern void put_revision_mark(const struct rev_info *revs, @@ -256,16 +256,9 @@ extern void put_revision_mark(const struct rev_info *revs,
extern void mark_parents_uninteresting(struct commit *commit);
extern void mark_tree_uninteresting(struct tree *tree);

struct name_path {
struct name_path *up;
int elem_len;
const char *elem;
};

char *path_name(const struct name_path *path, const char *name);
char *path_name(struct strbuf *path, const char *name);

extern void show_object_with_name(FILE *, struct object *,
const struct name_path *, const char *);
extern void show_object_with_name(FILE *, struct object *, const char *);

extern void add_pending_object(struct rev_info *revs,
struct object *obj, const char *name);

4
tree-diff.c

@ -124,8 +124,8 @@ static struct combine_diff_path *path_appendnew(struct combine_diff_path *last, @@ -124,8 +124,8 @@ static struct combine_diff_path *path_appendnew(struct combine_diff_path *last,
unsigned mode, const unsigned char *sha1)
{
struct combine_diff_path *p;
int len = base->len + pathlen;
int alloclen = combine_diff_path_size(nparent, len);
size_t len = st_add(base->len, pathlen);
size_t alloclen = combine_diff_path_size(nparent, len);

/* if last->next is !NULL - it is a pre-allocated memory, we can reuse */
p = last->next;

Loading…
Cancel
Save