From: Martin Koegler
Date: Mon, 18 Feb 2008 20:47:52 +0000 (+0100)
Subject: read_object_with_reference: don't read beyond the buffer
X-Git-Tag: v1.5.5-rc0~93^2~21
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=50974ec99408b2d814360863e72a5eca613889c8;p=git.git
read_object_with_reference: don't read beyond the buffer
Signed-off-by: Martin Koegler
Signed-off-by: Junio C Hamano
---
diff --git a/sha1_file.c b/sha1_file.c
index 66a4e00fa..0ca7f0dbc 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1943,7 +1943,8 @@ void *read_object_with_reference(const unsigned char *sha1,
 }
 ref_length = strlen(ref_type);
- if (memcmp(buffer, ref_type, ref_length) ||
+ if (ref_length + 40 > isize ||
+ memcmp(buffer, ref_type, ref_length) ||
 get_sha1_hex((char *) buffer + ref_length, actual_sha1)) {
 free(buffer);
 return NULL;
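Review bot: The new guard `ref_length + 40 > isize` uses a bare `40` and only protects the reads because it comes first in the `||` chain, and neither fact is explained at the point of use. The 40 is presumably the length of the hex object name that `get_sha1_hex` reads at `buffer + ref_length`, so a short comment above the condition would keep a later edit from reordering the tests or changing one length without the other, for example `/* type prefix plus 40 hex digits must lie within the isize bytes read; keep this test first */`. The declarations of `ref_length` and `isize` are outside the hunk, so it is worth confirming their types do not make the comparison mix signed and unsigned in a way that matters, although a `strlen` result is never negative. The body of read_object_with_reference starts and ends outside the hunk.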