From 506049c7df2c68f1db5a4bae502cfb1af0a73048 Mon Sep 17 00:00:00 2001 From: Nicolas Pitre Date: Sat, 21 Aug 2010 01:00:13 -0400 Subject: [PATCH] fix >4GiB source delta assertion failure When people try insane things such as delta-compressing 4GiB files, they get this assertion: diff-delta.c:285: create_delta_index: Assertion `packed_entry - (struct index_entry *)mem == entries' failed. This happens because: 1) the 'entries' variable is an unsigned int 2) it is assigned with entries = (bufsize - 1) / RABIN_WINDOW (that itself is not a problem unless bufsize > 4G * RABIN_WINDOW) 3) the buffer is indexed from top to bottom starting at "data = buffer + entries * RABIN_WINDOW" and the multiplication here does indeed overflows, making the resulting top of the buffer much lower than expected. This makes the number of actually produced index entries smaller than what was computed initially, hence the assertion. Furthermore, the current delta encoding format cannot represent offsets into a reference buffer with more than 32 bits anyway. So let's just limit the number of entries to what the delta format can encode. Reported-by: Ilari Liusvaara Signed-off-by: Nicolas Pitre Signed-off-by: Junio C Hamano --- diff-delta.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/diff-delta.c b/diff-delta.c index 464ac3ffc..93385e12b 100644 --- a/diff-delta.c +++ b/diff-delta.c @@ -146,7 +146,14 @@ struct delta_index * create_delta_index(const void *buf, unsigned long bufsize) /* Determine index hash size. Note that indexing skips the first byte to allow for optimizing the Rabin's polynomial initialization in create_delta(). */ - entries = (bufsize - 1) / RABIN_WINDOW; + entries = (bufsize - 1) / RABIN_WINDOW; + if (bufsize >= 0xffffffffUL) { + /* + * Current delta format can't encode offsets into + * reference buffer with more than 32 bits. + */ + entries = 0xfffffffeU / RABIN_WINDOW; + } hsize = entries / 4; for (i = 4; (1u << i) < hsize && i < 31; i++); hsize = 1 << i; -- 2.30.2