[PATCH] load_subtree(): check that `prefix_len` is in the expected range

This value, which is stashed in the last byte of an object_id hash,
gets handed around a lot. So add a sanity check before using it in

Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx>

This patch is an addendum to v1 of the mh/notes-cleanup patch series
[1]. It adds the assertion that was suggested by Junio [2].

Since the first patch series is already in next, this patch is
constructed to apply on top of that branch.

Thanks to Junio and Johan for their review of v1.


[1] https://public-inbox.org/git/cover.1503734566.git.mhagger@xxxxxxxxxxxx/
[2] https://public-inbox.org/git/xmqqh8wuqo6e.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxx/

 notes.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/notes.c b/notes.c
index 40d9ba6252..27d232f294 100644
--- a/notes.c
+++ b/notes.c
@@ -417,7 +417,10 @@ static void load_subtree(struct notes_tree *t, struct leaf_node *subtree,
 	prefix_len = subtree->key_oid.hash[KEY_INDEX];
-	assert(prefix_len * 2 >= n);
+	if (prefix_len >= GIT_SHA1_RAWSZ)
+		BUG("prefix_len (%"PRIuMAX") is out of range", (uintmax_t)prefix_len);
+	if (prefix_len * 2 < n)
+		BUG("prefix_len (%"PRIuMAX") is too small", (uintmax_t)prefix_len);
 	memcpy(object_oid.hash, subtree->key_oid.hash, prefix_len);
 	while (tree_entry(&desc, &entry)) {
 		unsigned char type;
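Review bot: the switch from assert() to BUG() on the `prefix_len * 2 < n` condition is a behaviour change that the commit message does not mention: an assert() is compiled out under NDEBUG, while BUG() always fires, so builds that previously tolerated a bad prefix_len will now abort here. Worth a sentence in the message, since the stated purpose is only to add the range check. The ordering of the two new checks is right: testing `prefix_len >= GIT_SHA1_RAWSZ` first means the `memcpy(object_oid.hash, subtree->key_oid.hash, prefix_len)` that follows can never copy more than GIT_SHA1_RAWSZ - 1 bytes, and it also rules out the byte at KEY_INDEX itself being treated as hash prefix. Since prefix_len is a single byte read from `subtree->key_oid.hash[KEY_INDEX]`, the `(uintmax_t)` cast with PRIuMAX is harmless but heavier than needed; `%u` with an unsigned cast would match how other small counts are printed, though this is purely a style point.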