tree-diff: catch integer overflow in combine_diff_path allocation
authorJeff King <peff@peff.net>
Fri, 19 Feb 2016 11:21:30 +0000 (06:21 -0500)
committerJunio C Hamano <gitster@pobox.com>
Wed, 16 Mar 2016 17:41:02 +0000 (10:41 -0700)
A combine_diff_path struct has two "flex" members allocated
alongside the struct: a string to hold the pathname, and an
array of parent pointers. We use an "int" to compute this,
meaning we may easily overflow it if the pathname is
extremely long.

We can fix this by using size_t, and checking for overflow
with the st_add helper.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff.h
tree-diff.c

diff --git a/diff.h b/diff.h
index 1ac058222800eb31acbf06ff918e0ce4dd79e937..561635b2b9be13c19874152a2185ad2b6d867834 100644 (file)
--- a/diff.h
+++ b/diff.h
@@ -215,8 +215,8 @@ struct combine_diff_path {
        } parent[FLEX_ARRAY];
 };
 #define combine_diff_path_size(n, l) \
-       (sizeof(struct combine_diff_path) + \
-        sizeof(struct combine_diff_parent) * (n) + (l) + 1)
+       st_add4(sizeof(struct combine_diff_path), (l), 1, \
+               st_mult(sizeof(struct combine_diff_parent), (n)))
 
 extern void show_combined_diff(struct combine_diff_path *elem, int num_parent,
                              int dense, struct rev_info *);
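Review bot: The rewritten combine_diff_path_size macro changes the contract of its callers — st_add4/st_mult die() on size_t overflow instead of returning a wrapped value — but nothing at the definition says so, and a reader of diff.h cannot see that from the name. A comment above the #define would make this explicit: `/* Bytes needed for a combine_diff_path with n parents and an l-byte path (plus NUL); dies instead of returning a wrapped size on overflow. */`. Because st_add/st_mult take size_t, any caller that still passes an `int` count or length (none is visible here, so this is inferred) has it converted first, so a negative value trips the overflow check rather than producing an undersized allocation; that is the safe direction, but widening those callers to size_t, as path_appendnew is in the tree-diff.c hunk, would keep the arithmetic uniformly unsigned.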
index e7b378c8b2c8f145519410bb17811bf60eb29384..4b32d40677da2821fca8d9b15300229800117e07 100644 (file)
@@ -124,8 +124,8 @@ static struct combine_diff_path *path_appendnew(struct combine_diff_path *last,
        unsigned mode, const unsigned char *sha1)
 {
        struct combine_diff_path *p;
-       int len = base->len + pathlen;
-       int alloclen = combine_diff_path_size(nparent, len);
+       size_t len = st_add(base->len, pathlen);
+       size_t alloclen = combine_diff_path_size(nparent, len);
 
        /* if last->next is !NULL - it is a pre-allocated memory, we can reuse */
        p = last->next;
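Review bot: The parameter list of path_appendnew is not in the hunk, so it is not visible whether `pathlen` was widened too; if it is still an `int`, it is converted to size_t before st_add, which means a negative value would die in st_add rather than under-allocate — safe, but worth a note or a matching size_t parameter so the length arithmetic is unsigned end to end. The reason the two declarations no longer need a range check is also not stated at the point of use; a one-line comment would help the next reader: `/* st_add() dies on size_t overflow, so len and alloclen cannot wrap for overlong paths */`. The body of path_appendnew continues past the hunk, including the reuse test on alloclen that follows `p = last->next;`, so that comparison should be checked for consistent signedness once alloclen is size_t.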