Junio C Hamano <gits...@pobox.com> writes:
> Good that your attempt to signature-changing change caught it. I'll
> take a further look.
So here are two patch series. The first one makes sure all callers
of parse_sha1_header() check the returned status.
-- >8 --
From: Junio C Hamano <gits...@pobox.com>
Date: Mon, 26 Sep 2016 09:23:41 -0700
Subject: [PATCH 1/2] streaming: make sure to notice corrupt object
The streaming read interface from a loose object called
parse_sha1_header() but discarded its return value, without noticing
a potential error.
Signed-off-by: Junio C Hamano <gits...@pobox.com>
---
streaming.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/streaming.c b/streaming.c
index 811fcc2..884a8f1 100644
--- a/streaming.c
+++ b/streaming.c
@@ -347,7 +347,8 @@ static open_method_decl(loose)
return -1;
}
- parse_sha1_header(st->u.loose.hdr, &st->size);
+ if (parse_sha1_header(st->u.loose.hdr, &st->size) < 0)
+ return -1;
st->u.loose.hdr_used = strlen(st->u.loose.hdr) + 1;
st->u.loose.hdr_avail = st->z.total_out;
st->z_state = z_used;
--
2.10.0-533-ga18d90d
