On Thu, Aug 30, 2018 at 9:05 AM Jeff King wrote:
>
> On Wed, Aug 29, 2018 at 10:58:55PM +0200, Jann Horn wrote:
>
> > If `cmd` is in the range [0x01,0x7f] and `cmd > top-data`, the
> > `memcpy(out, data, cmd)` can copy out-of-bounds data from after `delta_buf`
> > i
On Wed, Aug 29, 2018 at 11:34 PM Jeff King wrote:
>
> On Wed, Aug 29, 2018 at 10:58:56PM +0200, Jann Horn wrote:
>
> > This ensures that any attempts to access memory directly after the input
> > buffer or delta buffer in a delta test will cause a segmentation fault.
>
This ensures that any attempts to access memory directly after the input
buffer or delta buffer in a delta test will cause a segmentation fault.
Inspired by vsftpd.
Signed-off-by: Jann Horn
---
t/helper/test-delta.c | 78 +--
1 file changed, 53
This verifies the changes from commit "patch-delta: fix oob read".
Signed-off-by: Jann Horn
---
t/t5303-pack-corruption-resilience.sh | 18 ++
1 file changed, 18 insertions(+)
diff --git a/t/t5303-pack-corruption-resilience.sh
b/t/t5303-pack-corruption-resilienc
lta buffer ends with a command and the destination buffer is already
full.
Signed-off-by: Jann Horn
---
patch-delta.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/patch-delta.c b/patch-delta.c
index 56e0a5ede..283fb4b75 100644
--- a/patch-delta.c
+++ b/patch-delt
5 matches
Mail list logo
