From: Junio C Hamano <gitster@pobox.com>
Date: Thu, 10 Mar 2016 19:13:46 +0000 (-0800)
Subject: Merge branch 'jk/pack-idx-corruption-safety' into maint
X-Git-Tag: v2.7.3~6
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=80047fa084f994969d42338bc3fbbb89e7d957d6;p=git-core%2Fgit.git

Merge branch 'jk/pack-idx-corruption-safety' into maint

The code to read the pack data using the offsets stored in the pack
idx file has been made more carefully check the validity of the
data in the idx.

* jk/pack-idx-corruption-safety:
  sha1_file.c: mark strings for translation
  use_pack: handle signed off_t overflow
  nth_packed_object_offset: bounds-check extended offset
  t5313: test bounds-checks of corrupted/malicious pack/idx files
---

80047fa084f994969d42338bc3fbbb89e7d957d6
diff --cc cache.h
index 1f145c2c6,6c9aaa1ae..1a2cec0b8
--- a/cache.h
+++ b/cache.h
@@@ -1365,9 -1234,19 +1365,19 @@@ extern void close_all_packs(void)
  extern void unuse_pack(struct pack_window **);
  extern void free_pack_by_name(const char *);
  extern void clear_delta_base_cache(void);
 -extern struct packed_git *add_packed_git(const char *, int, int);
 +extern struct packed_git *add_packed_git(const char *path, size_t path_len, int local);
  
  /*
+  * Make sure that a pointer access into an mmap'd index file is within bounds,
+  * and can provide at least 8 bytes of data.
+  *
+  * Note that this is only necessary for variable-length segments of the file
+  * (like the 64-bit extended offset table), as we compare the size to the
+  * fixed-length parts when we open the file.
+  */
+ extern void check_pack_index_ptr(const struct packed_git *p, const void *ptr);
+ 
+ /*
   * Return the SHA-1 of the nth object within the specified packfile.
   * Open the index if it is not already open.  The return value points
   * at the SHA-1 within the mmapped index.  Return NULL if there is an