Commit b205f5386aafd9236d13ecf124044fa89a3fd349

Edward Thomson 2019-05-20T06:38:51

iterator: sanity-check path length and safely cast

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
diff --git a/src/iterator.c b/src/iterator.c
index d00b8aa..12b2822 100644
--- a/src/iterator.c
+++ b/src/iterator.c
@@ -1303,7 +1303,12 @@ static int filesystem_iterator_entry_init(
 		sizeof(filesystem_iterator_entry), path_len);
 	GIT_ERROR_CHECK_ALLOC_ADD(&entry_size, entry_size, 2);
 
-	entry = git_pool_malloc(&frame->entry_pool, entry_size);
+	if (entry_size > UINT32_MAX) {
+		git_error_set(GIT_ERROR_REPOSITORY, "file path too long");
+		return -1;
+	}
+
+	entry = git_pool_malloc(&frame->entry_pool, (uint32_t)entry_size);
 	GIT_ERROR_CHECK_ALLOC(entry);
 
 	entry->path_len = path_len;