diff options
Diffstat (limited to 'meta/recipes-devtools/git/files/CVE-2022-41903-06.patch')
-rw-r--r-- | meta/recipes-devtools/git/files/CVE-2022-41903-06.patch | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch new file mode 100644 index 0000000000..93fbe5c7fe --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch | |||
@@ -0,0 +1,90 @@ | |||
1 | From 48050c42c73c28b0c001d63d11dffac7e116847b Mon Sep 17 00:00:00 2001 | ||
2 | From: Patrick Steinhardt <ps@pks.im> | ||
3 | Date: Thu, 1 Dec 2022 15:46:49 +0100 | ||
4 | Subject: [PATCH 06/12] pretty: fix integer overflow in wrapping format | ||
5 | |||
6 | The `%w(width,indent1,indent2)` formatting directive can be used to | ||
7 | rewrap text to a specific width and is designed after git-shortlog(1)'s | ||
8 | `-w` parameter. While the three parameters are all stored as `size_t` | ||
9 | internally, `strbuf_add_wrapped_text()` accepts integers as input. As a | ||
10 | result, the casted integers may overflow. As these now-negative integers | ||
11 | are later on passed to `strbuf_addchars()`, we will ultimately run into | ||
12 | implementation-defined behaviour due to casting a negative number back | ||
13 | to `size_t` again. On my platform, this results in trying to allocate | ||
14 | 9000 petabyte of memory. | ||
15 | |||
16 | Fix this overflow by using `cast_size_t_to_int()` so that we reject | ||
17 | inputs that cannot be represented as an integer. | ||
18 | |||
19 | Signed-off-by: Patrick Steinhardt <ps@pks.im> | ||
20 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
21 | |||
22 | Upstream-Status: Backport [https://github.com/git/git/commit/48050c42c73c28b0c001d63d11dffac7e116847b] | ||
23 | CVE: CVE-2022-41903 | ||
24 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
25 | --- | ||
26 | git-compat-util.h | 8 ++++++++ | ||
27 | pretty.c | 4 +++- | ||
28 | t/t4205-log-pretty-formats.sh | 12 ++++++++++++ | ||
29 | 3 files changed, 23 insertions(+), 1 deletion(-) | ||
30 | |||
31 | diff --git a/git-compat-util.h b/git-compat-util.h | ||
32 | index a1ecfd3..b0f3890 100644 | ||
33 | --- a/git-compat-util.h | ||
34 | +++ b/git-compat-util.h | ||
35 | @@ -854,6 +854,14 @@ static inline size_t st_sub(size_t a, size_t b) | ||
36 | return a - b; | ||
37 | } | ||
38 | |||
39 | +static inline int cast_size_t_to_int(size_t a) | ||
40 | +{ | ||
41 | + if (a > INT_MAX) | ||
42 | + die("number too large to represent as int on this platform: %"PRIuMAX, | ||
43 | + (uintmax_t)a); | ||
44 | + return (int)a; | ||
45 | +} | ||
46 | + | ||
47 | #ifdef HAVE_ALLOCA_H | ||
48 | # include <alloca.h> | ||
49 | # define xalloca(size) (alloca(size)) | ||
50 | diff --git a/pretty.c b/pretty.c | ||
51 | index 195d005..ff9fc97 100644 | ||
52 | --- a/pretty.c | ||
53 | +++ b/pretty.c | ||
54 | @@ -898,7 +898,9 @@ static void strbuf_wrap(struct strbuf *sb, size_t pos, | ||
55 | if (pos) | ||
56 | strbuf_add(&tmp, sb->buf, pos); | ||
57 | strbuf_add_wrapped_text(&tmp, sb->buf + pos, | ||
58 | - (int) indent1, (int) indent2, (int) width); | ||
59 | + cast_size_t_to_int(indent1), | ||
60 | + cast_size_t_to_int(indent2), | ||
61 | + cast_size_t_to_int(width)); | ||
62 | strbuf_swap(&tmp, sb); | ||
63 | strbuf_release(&tmp); | ||
64 | } | ||
65 | diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh | ||
66 | index fa1bc2b..23ac508 100755 | ||
67 | --- a/t/t4205-log-pretty-formats.sh | ||
68 | +++ b/t/t4205-log-pretty-formats.sh | ||
69 | @@ -808,6 +808,18 @@ test_expect_success 'log --pretty with magical wrapping directives' ' | ||
70 | test_cmp expect actual | ||
71 | ' | ||
72 | |||
73 | +test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping directive' ' | ||
74 | + cat >expect <<-EOF && | ||
75 | + fatal: number too large to represent as int on this platform: 2147483649 | ||
76 | + EOF | ||
77 | + test_must_fail git log -1 --pretty="format:%w(2147483649,1,1)%d" 2>error && | ||
78 | + test_cmp expect error && | ||
79 | + test_must_fail git log -1 --pretty="format:%w(1,2147483649,1)%d" 2>error && | ||
80 | + test_cmp expect error && | ||
81 | + test_must_fail git log -1 --pretty="format:%w(1,1,2147483649)%d" 2>error && | ||
82 | + test_cmp expect error | ||
83 | +' | ||
84 | + | ||
85 | test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' | ||
86 | # We only assert that this command does not crash. This needs to be | ||
87 | # executed with the address sanitizer to demonstrate failure. | ||
88 | -- | ||
89 | 2.25.1 | ||
90 | |||