Merge branch 'jk/pack-idx-corruption-safety'

The code to read the pack data using the offsets stored in the pack
idx file has been made more carefully check the validity of the
data in the idx.

* jk/pack-idx-corruption-safety:
  sha1_file.c: mark strings for translation
  use_pack: handle signed off_t overflow
  nth_packed_object_offset: bounds-check extended offset
  t5313: test bounds-checks of corrupted/malicious pack/idx files

diff --cc builtin/index-pack.c
Simple merge

diff --cc cache.h
index d7ff46e,6c9aaa1..b829410
--- 1/cache.h
--- 2/cache.h
+++ b/cache.h
@@@ -1367,9 -1234,19 +1367,19 @@@ extern void close_all_packs(void)
  extern void unuse_pack(struct pack_window **);
  extern void free_pack_by_name(const char *);
  extern void clear_delta_base_cache(void);
 -extern struct packed_git *add_packed_git(const char *, int, int);
 +extern struct packed_git *add_packed_git(const char *path, size_t path_len, int local);
  
  /*
+  * Make sure that a pointer access into an mmap'd index file is within bounds,
+  * and can provide at least 8 bytes of data.
+  *
+  * Note that this is only necessary for variable-length segments of the file
+  * (like the 64-bit extended offset table), as we compare the size to the
+  * fixed-length parts when we open the file.
+  */
+ extern void check_pack_index_ptr(const struct packed_git *p, const void *ptr);
+ 
+ /*
   * Return the SHA-1 of the nth object within the specified packfile.
   * Open the index if it is not already open.  The return value points
   * at the SHA-1 within the mmapped index.  Return NULL if there is an

diff --cc sha1_file.c
Simple merge