From: "Martin Ågren" <martin.agren@gmail.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: Git Mailing List <git@vger.kernel.org>,
Junio C Hamano <gitster@pobox.com>
Subject: Re: What's cooking in git.git (Jan 2019, #01; Mon, 7)
Date: Thu, 10 Jan 2019 20:03:54 +0100 [thread overview]
Message-ID: <CAN0heSowybpM6BULwkjXVWSegGd0cM3LLfmXqGjj5qh3Ev9ArA@mail.gmail.com> (raw)
In-Reply-To: <20190110010238.GK423984@genre.crustytoothpaste.net>
On Thu, 10 Jan 2019 at 02:03, brian m. carlson
<sandals@crustytoothpaste.net> wrote:
>
> On Wed, Jan 09, 2019 at 10:06:08PM +0100, Martin Ågren wrote:
> > i.e., we copy sizeof(struct object_id) (=32) bytes. Which is 12 more
> > than what is known to be safe. For this particular input data, we read
> > outside allocated memory.
>
> Anything pointing to a struct object_id has to support at least
> GIT_MAX_RAWSZ bytes, and that code doesn't, because it's a tree buffer.
>
> I ran into this later on in my SHA-256 work and have a series that fixes
> the tree-walk code, but it's a bit involved and requires copying the
> struct object_id out of the buffer.
>
> I thought we were going to be triggering this case only with some new
> code I was introducing, but apparently somebody else got there first.
> As for my series, I'll need to run the testsuite on it, but I'll try to
> get it out tonight or at the latest tomorrow if people want to use that
> instead.
Cool. I should have known that you had something in the pipeline. Thanks
for working on this.
next prev parent reply other threads:[~2019-01-10 19:04 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-07 23:34 What's cooking in git.git (Jan 2019, #01; Mon, 7) Junio C Hamano
2019-01-08 9:50 ` tg/checkout-no-overlay, was " Thomas Gummerer
2019-01-08 17:51 ` Junio C Hamano
2019-01-08 17:30 ` ag/sequencer-reduce-rewriting-todo " Alban Gruin
2019-01-08 21:20 ` sb/more-repo-in-api, was " Jonathan Tan
2019-01-08 21:35 ` Junio C Hamano
2019-01-09 21:28 ` Stefan Beller
2019-01-09 7:37 ` Martin Ågren
2019-01-09 21:06 ` Martin Ågren
2019-01-10 1:02 ` brian m. carlson
2019-01-10 18:55 ` Junio C Hamano
2019-01-10 19:03 ` Martin Ågren [this message]
2019-01-10 4:25 ` [PATCH 0/5] tree-walk object_id refactor brian m. carlson
2019-01-10 4:25 ` [PATCH 1/5] tree-walk: copy object ID before use brian m. carlson
2019-01-10 4:25 ` [PATCH 2/5] match-trees: compute buffer offset correctly when splicing brian m. carlson
2019-01-10 4:25 ` [PATCH 3/5] match-trees: use hashcpy to splice trees brian m. carlson
2019-01-10 6:45 ` Jeff King
2019-01-10 23:55 ` brian m. carlson
2019-01-11 14:51 ` Jeff King
2019-01-11 14:54 ` Jeff King
2019-01-14 1:30 ` brian m. carlson
2019-01-14 15:40 ` Jeff King
2019-01-10 4:25 ` [PATCH 4/5] tree-walk: store object_id in a separate member brian m. carlson
2019-01-10 6:49 ` Jeff King
2019-01-10 23:57 ` brian m. carlson
2019-01-10 4:25 ` [PATCH 5/5] cache: make oidcpy always copy GIT_MAX_RAWSZ bytes brian m. carlson
2019-01-10 6:50 ` Jeff King
2019-01-10 6:40 ` [PATCH 0/5] tree-walk object_id refactor Jeff King
2019-01-11 0:17 ` brian m. carlson
2019-01-11 14:17 ` Jeff King
2019-01-15 0:39 ` [PATCH v2 " brian m. carlson
2019-01-15 0:39 ` [PATCH v2 1/5] tree-walk: copy object ID before use brian m. carlson
2019-01-15 0:39 ` [PATCH v2 2/5] match-trees: compute buffer offset correctly when splicing brian m. carlson
2019-01-15 0:39 ` [PATCH v2 3/5] match-trees: use hashcpy to splice trees brian m. carlson
2019-01-15 0:39 ` [PATCH v2 4/5] tree-walk: store object_id in a separate member brian m. carlson
2019-01-15 0:39 ` [PATCH v2 5/5] cache: make oidcpy always copy GIT_MAX_RAWSZ bytes brian m. carlson
2019-01-15 17:51 ` [PATCH v2 0/5] tree-walk object_id refactor Junio C Hamano
2019-01-09 10:28 ` What's cooking in git.git (Jan 2019, #01; Mon, 7) Jeff King
2019-01-10 19:05 ` Junio C Hamano
2019-01-10 19:46 ` Junio C Hamano
2019-01-10 18:02 ` Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAN0heSowybpM6BULwkjXVWSegGd0cM3LLfmXqGjj5qh3Ev9ArA@mail.gmail.com \
--to=martin.agren@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).