From 5d6f3ef6413172388ee5e6090afe9802a30a59f0 Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Mon, 15 Jan 2007 23:40:27 -0500 Subject: [PATCH] Corrected buffer overflow during automatic checkpoint in fast-import. If we previously were using a delta but we needed to checkpoint the current packfile and switch to a new packfile we need to throw away the delta and compress the raw object by itself, as delta chains cannot span non-thin packfiles. Unfortunately the output buffer in this case needs to grow, as the size of the compressed object may be quite a bit larger than the size of the compressed delta. I've also avoided recompressing the object if we are checkpointing and we didn't use a delta. In this case the output buffer is the correct size and has already been populated with the right data, we just need to close out the current packfile and open a new one. Signed-off-by: Shawn O. Pearce --- fast-import.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/fast-import.c b/fast-import.c index 19d01e20a..57d857c38 100644 --- a/fast-import.c +++ b/fast-import.c @@ -847,16 +847,17 @@ static int store_object( if (delta) { free(delta); delta = NULL; + + memset(&s, 0, sizeof(s)); + deflateInit(&s, zlib_compression_level); + s.next_in = dat; + s.avail_in = datlen; + s.avail_out = deflateBound(&s, s.avail_in); + s.next_out = out = xrealloc(out, s.avail_out); + while (deflate(&s, Z_FINISH) == Z_OK) + /* nothing */; + deflateEnd(&s); } - memset(&s, 0, sizeof(s)); - deflateInit(&s, zlib_compression_level); - s.next_in = dat; - s.avail_in = datlen; - s.avail_out = deflateBound(&s, s.avail_in); - s.next_out = out; - while (deflate(&s, Z_FINISH) == Z_OK) - /* nothing */; - deflateEnd(&s); } e->type = type; -- 2.30.2