author | Marc Strapetz <marc.strapetz@syntevo.com> | 2020-08-12 14:50:20 +0200 |
---|---|---|
committer | Thomas Wolf <thomas.wolf@paranor.ch> | 2020-08-25 12:42:53 -0400 |
commit | 0220f32e5a60d3f0ac4acd3d2f35fd5a2a44809a (patch) | |
tree | dcc118e35dbf5ae2498ddee218a4dbd0ea0bdcb3 | |
parent | 2990ad66ade8289f1d91a00b65a2406fabd1dea2 (diff) | |
Fix possible NegativeArraySizeException in PackIndexV1
Due to an integer overflow bug, the current "Index file is too large
for jgit" check did not work properly and subsequently a
NegativeArraySizeException was raised.
Change-Id: I2736efb28987c29e56bc946563b7fa781898a94a
Signed-off-by: Marc Strapetz <marc.strapetz@syntevo.com>
6 files changed, 35 insertions, 3 deletions
diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idx b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idx Binary files differnew file mode 100644 index 0000000000..20299154ee --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idx diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idxV2 b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idxV2 Binary files differnew file mode 100644 index 0000000000..28bd4a7774 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/pack-bad-fanout-table.idxV2 diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexTestCase.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexTestCase.java index fe05fbae39..910b928864 100644 --- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexTestCase.java +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexTestCase.java @@ -12,13 +12,17 @@ package org.eclipse.jgit.internal.storage.file; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.fail; import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.util.Iterator; import java.util.NoSuchElementException; import org.eclipse.jgit.errors.MissingObjectException; +import org.eclipse.jgit.internal.JGitText; import org.eclipse.jgit.internal.storage.file.PackIndex.MutableEntry; import org.eclipse.jgit.junit.RepositoryTestCase; import org.junit.Test; 
@@ -51,6 +55,13 @@ public abstract class PackIndexTestCase extends RepositoryTestCase { public abstract File getFileForPackdf2982f28(); /** + * Return file with appropriate index version for bad fanout table test. + * + * @return file with index + */ + public abstract File getFileForBadFanoutTable(); + + /** * Verify CRC32 support. * * @throws MissingObjectException @@ -158,4 +169,15 @@ public abstract class PackIndexTestCase extends RepositoryTestCase { .name()); } + @Test + public void testBadFanoutTable() { + IOException ex = assertThrows(IOException.class, () -> { + try (FileInputStream fis = new FileInputStream( + getFileForBadFanoutTable())) { + PackIndex.read(fis); + } + }); + assertEquals(JGitText.get().indexFileIsTooLargeForJgit, + ex.getMessage()); + } } diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV1Test.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV1Test.java index e41ded7d71..c4f637276c 100644 --- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV1Test.java +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV1Test.java @@ -35,6 +35,11 @@ public class PackIndexV1Test extends PackIndexTestCase { "pack-df2982f284bbabb6bdb59ee3fcc6eb0983e20371.idx"); } + @Override + public File getFileForBadFanoutTable() { + return JGitTestUtil.getTestResourceFile("pack-bad-fanout-table.idx"); + } + /** * Verify CRC32 - V1 should not index anything. * diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV2Test.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV2Test.java index c1da54721f..1d179abd86 100644 --- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV2Test.java +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/storage/file/PackIndexV2Test.java 
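Review bot: In the last PackIndexTestCase hunk, `testBadFanoutTable` relies on two binary fixtures whose defect is not described anywhere, so a reader cannot tell which fanout entry is malformed or whether the file exercises the old `(int)` cast or the later multiplication. I would add a comment above the test along the lines of `// Fixture: fanout entry <k> declares <count> objects, so the bucket length exceeds the reader's size limit`, with the real values filled in by the author. Because the test sits in the shared base class it also runs against the V2 fixture, although this commit changes only PackIndexV1; a sentence in the Javadoc of `getFileForBadFanoutTable()` saying that the V2 case is a regression guard would make that intent clear.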
@@ -35,6 +35,11 @@ public class PackIndexV2Test extends PackIndexTestCase { "pack-df2982f284bbabb6bdb59ee3fcc6eb0983e20371.idxV2"); } + @Override + public File getFileForBadFanoutTable() { + return JGitTestUtil.getTestResourceFile("pack-bad-fanout-table.idxV2"); + } + /** * Verify CRC32 indexing. * diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/storage/file/PackIndexV1.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/storage/file/PackIndexV1.java index 9cf95d0720..eb0ac6a062 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/storage/file/PackIndexV1.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/storage/file/PackIndexV1.java @@ -49,11 +49,11 @@ class PackIndexV1 extends PackIndex { idxHeader[k] = NB.decodeUInt32(fanoutTable, k * 4); idxdata = new byte[idxHeader.length][]; for (int k = 0; k < idxHeader.length; k++) { - int n; + long n; if (k == 0) { - n = (int) (idxHeader[k]); + n = idxHeader[k]; } else { - n = (int) (idxHeader[k] - idxHeader[k - 1]); + n = idxHeader[k] - idxHeader[k - 1]; } if (n > 0) { final long len = n * (Constants.OBJECT_ID_LENGTH + 4); |
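Review bot: In the PackIndexV1 hunk, a fanout table whose entries decrease makes `n = idxHeader[k] - idxHeader[k - 1]` negative, and as far as the hunk shows `if (n > 0)` then skips that bucket silently instead of reporting the index as corrupt. A pack index is parsed input that can come from a repository the caller does not control, so I would reject this case explicitly before the `n > 0` branch, e.g. `if (n < 0) throw new IOException(<corrupt-fanout message>);` using whichever JGitText entry fits. The size check that follows `len` lies outside the hunk; presumably the array is still sized from the header value before any bucket bytes are read, so a short note there on the largest allocation a small malformed file can trigger would help the next reader. The loop body continues past the end of the hunk.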