commit_list: avoid use of strtol64 without length limit

When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem.

diff --git a/src/commit_list.c b/src/commit_list.c
index 96bd9dc..b4313ee 100644
--- a/src/commit_list.c
+++ b/src/commit_list.c
@@ -171,7 +171,9 @@ static int commit_quick_parse(
buffer--;
}
- if ((buffer == committer_start) || (git__strtol64(&commit_time, (char *)(buffer + 1), NULL, 10) < 0))
+ if ((buffer == committer_start) ||
+ (git__strntol64(&commit_time, (char *)(buffer + 1),
+ buffer_end - buffer + 1, NULL, 10) < 0))
return commit_error(commit, "cannot parse commit time");
commit->time = commit_time;
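
Review bot: the length on the third added line, `buffer_end - buffer + 1`, does not match the pointer it is paired with, `(char *)(buffer + 1)`. The number of bytes from `buffer + 1` up to `buffer_end` is `buffer_end - (buffer + 1)`, that is `buffer_end - buffer - 1`, so the bound as written is two bytes larger and `git__strntol64` can still be allowed to read past the object data, which is the out-of-bounds read the commit message sets out to remove. This assumes `buffer_end` points one past the last byte of the ODB buffer; its definition is outside this hunk, so please confirm that and, if it holds, pass `buffer_end - (buffer + 1)`. A test that quick-parses a commit whose data ends directly after the committer timestamp digits, with no trailing newline or `NUL`, would pin the boundary down.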