On Fri, Apr 05, 2013 at 04:49:15PM -0700, Jonathan Nieder wrote:
> > Though this is a stack overflow, I don't know that it's exploitable for
> > anything interesting; an attacker does not get to write arbitrary data,
> > but rather only a sequence of "^%d" and "~%d" relative history markers.
> > Perhaps in theory one could devise a history such that the sequence
> > markers spelled out some malicious code, but it would be quite a
> > challenge
> Overwrite the return address and return-to-libc?
Still hard, since you need to construct a usable address (and arguments)
out of sequences of "^[0-9]+" and "~[0-9]+". But I'd love to see a
working exploit if somebody thinks they can do it. :)
> Very clean and obviously correct. Thanks.
> Reviewed-by: Jonathan Nieder <jrnie...@gmail.com>
> A test would be nice, though.
What should it be testing? That a giant chain of second-parent merges
that exceeds 1000 bytes doesn't segfault? Tests like that are not all
that interesting, because they do not catch real-world regressions. We
have closed this barn door; it is not impossible that it will be
re-opened, but it is not likely. A test that checks only for a very
specific type of failure is only ever going to see that failure.
If you want to design a suite of tests that check that show-branch gives
correct output for particular brands of large repo, that would be
generic and potentially useful. But I don't think it's actually worth
spending a lot of time on (reviewing the code for more static buffers
and sprintfs would probably be a much more fruitful use of time).
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html