From: Ilari Liusvaara Date: Tue, 26 Jan 2010 18:24:14 +0000 (+0200) Subject: Fix integer overflow in unpack_sha1_rest() X-Git-Tag: v1.7.0-rc1~25^2~1 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3aee68aa68e80856de26340b707148d8f8d5b82e;p=git.git Fix integer overflow in unpack_sha1_rest() [jc: later NUL termination by the caller becomes unnecessary] Signed-off-by: Ilari Liusvaara Signed-off-by: Junio C Hamano --- diff --git a/sha1_file.c b/sha1_file.c index 63981fb3f..a90324767 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1) { int bytes = strlen(buffer) + 1; - unsigned char *buf = xmalloc(1+size); + unsigned char *buf = xmallocz(size); unsigned long n; int status = Z_OK; @@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size while (status == Z_OK) status = git_inflate(stream, Z_FINISH); } - buf[size] = 0; if (status == Z_STREAM_END && !stream->avail_in) { git_inflate_end(stream); return buf;