Re: Possible integer overflow parsing malformed objects in git 2.10.0

2016-09-27 Thread Gustavo Grieco
- Original Message - > Jeff King writes: > > > That being said, the parse_sha1_header() function clearly does not > > detect overflow at all when parsing the size. So on a 32-bit system, you > > end up with: > > > > $ git fsck > > fatal: Out of memory, malloc failed

Re: Possible integer overflow parsing malformed objects in git 2.10.0

2016-09-27 Thread Junio C Hamano
Jeff King writes: > That being said, the parse_sha1_header() function clearly does not > detect overflow at all when parsing the size. So on a 32-bit system, you > end up with: > > $ git fsck > fatal: Out of memory, malloc failed (tried to allocate 4294967141 bytes) > > which
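The quoted failure is the header-size parse wrapping: a loose object header is "<type> <size>\0", and if the decimal size is accumulated into an unsigned integer with no bound check, a value just past the type's maximum wraps to a nonsense size that is then handed to malloc. The following is an added example, not git's parse_sha1_header() or any other git code: it models the size as a 32-bit unsigned integer (standing in for `unsigned long` on the 32-bit system Jeff describes, so the wrap is reproducible on any host) and contrasts an unchecked digit loop with one that refuses any size that would not fit. The names `obj_header`, `parse_type`, `parse_header_naive` and `parse_header_checked` are hypothetical, and the sample header "blob 8589934437" is constructed here to produce the 4294967141 seen in the report; it is not the reporter's actual malformed object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not git's code. The declared size is held in a 32-bit
 * unsigned integer to model `unsigned long` on a 32-bit system (assumption),
 * so the wrap-around is the same on every host that compiles this.
 */
typedef uint32_t obj_size_t;
#define OBJ_SIZE_MAX UINT32_MAX

struct obj_header {
    char type[16];   /* object type token, e.g. "blob" */
    obj_size_t size; /* declared payload size */
};

/* Copy the type token into out->type and return the index of the first
 * character after the separating space, or -1 if the header is malformed. */
static long parse_type(const char *hdr, size_t hdrlen, struct obj_header *out)
{
    size_t i = 0, t = 0;
    while (i < hdrlen && hdr[i] != ' ' && hdr[i] != '\0') {
        if (t + 1 >= sizeof(out->type))
            return -1;               /* type token too long for the buffer */
        out->type[t++] = hdr[i++];
    }
    out->type[t] = '\0';
    if (t == 0 || i >= hdrlen || hdr[i] != ' ')
        return -1;                   /* empty type or no separating space */
    return (long)(i + 1);
}

/* Unchecked size parse: digits are accumulated modulo 2^32, so a size just
 * above OBJ_SIZE_MAX silently wraps. Returns 0 on success, -1 if malformed. */
int parse_header_naive(const char *hdr, size_t hdrlen, struct obj_header *out)
{
    long start = parse_type(hdr, hdrlen, out);
    if (start < 0)
        return -1;
    size_t i = (size_t)start;
    if (i >= hdrlen || hdr[i] < '0' || hdr[i] > '9')
        return -1;                   /* size must begin with a digit */
    obj_size_t size = 0;
    while (i < hdrlen && hdr[i] >= '0' && hdr[i] <= '9') {
        size = size * 10 + (obj_size_t)(hdr[i] - '0'); /* wraps silently */
        i++;
    }
    if (i >= hdrlen || hdr[i] != '\0')
        return -1;                   /* header must be NUL-terminated */
    out->size = size;
    return 0;
}

/* Hardened size parse: before folding in each digit, check that size*10 + d
 * still fits in obj_size_t. Returns 0 on success, -1 if malformed,
 * -2 if the declared size does not fit. */
int parse_header_checked(const char *hdr, size_t hdrlen, struct obj_header *out)
{
    long start = parse_type(hdr, hdrlen, out);
    if (start < 0)
        return -1;
    size_t i = (size_t)start;
    if (i >= hdrlen || hdr[i] < '0' || hdr[i] > '9')
        return -1;
    obj_size_t size = 0;
    while (i < hdrlen && hdr[i] >= '0' && hdr[i] <= '9') {
        obj_size_t d = (obj_size_t)(hdr[i] - '0');
        /* size*10 + d > MAX  <=>  size > (MAX - d) / 10 (integer division) */
        if (size > (OBJ_SIZE_MAX - d) / 10)
            return -2;
        size = size * 10 + d;
        i++;
    }
    if (i >= hdrlen || hdr[i] != '\0')
        return -1;
    out->size = size;
    return 0;
}

int main(void)
{
    /* Constructed header: 8589934437 == 2^32 + 4294967141, so the naive
     * parser reports exactly the size from the bug report. */
    static const char hdr[] = "blob 8589934437";
    struct obj_header h;
    int rc = parse_header_naive(hdr, sizeof(hdr), &h);
    printf("naive:   rc=%d size=%lu\n", rc, (unsigned long)h.size);
    rc = parse_header_checked(hdr, sizeof(hdr), &h);
    printf("checked: rc=%d\n", rc);
    return 0;
}
```

The check `size > (OBJ_SIZE_MAX - d) / 10` is the usual idiom for rejecting a decimal digit before the multiply-add can wrap; a caller that sees -2 should treat the object as corrupt rather than pass the size to malloc. The length argument includes the terminating NUL, since a header without one is also malformed.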

Re: Possible integer overflow parsing malformed objects in git 2.10.0

2016-09-27 Thread Jeff King
On Tue, Sep 27, 2016 at 04:30:23AM +0200, Gustavo Grieco wrote: > We found a malformed object file that triggers an allocation with a > negative size when parsed in git 2.10.0. It can be caused by an > integer overflow somewhere, so it is better to verify how the code got > such value. Are you

Possible integer overflow parsing malformed objects in git 2.10.0

2016-09-26 Thread Gustavo Grieco
Hi, We found a malformed object file that triggers an allocation with a negative size when parsed in git 2.10.0. It can be caused by an integer overflow somewhere, so it is better to verify how the code got such value. It was tested on ArchLinux x86_64. To reproduce, first recompile git with