development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-08-27 11:39:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

git-fast-import possible memory corruption problem

Browse source 
Internal "allocate in bulk, we will never free this memory anyway"
allocator used in fast-import had a logic to round up the size of the
requested memory block in a wrong place (it computed if the available
space is enough to fit the request first, and then carved a chunk of
memory by size rounded up to the alignment, which could go beyond the
actually available space).

Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
YONETANI Tomokazu 2008-12-14 11:08:22 +09:00 committed by Junio C Hamano
parent 7e76aba317
commit 2fad5329f4
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
fast-import.c
View file

@ -554,6 +554,10 @@ static void *pool_alloc(size_t len)
struct mem_pool *p;
void *r;
/* round up to a 'uintmax_t' alignment */
if (len & (sizeof(uintmax_t) - 1))
len += sizeof(uintmax_t) - (len & (sizeof(uintmax_t) - 1));
for (p = mem_pool; p; p = p->next_pool)
if ((p->end - p->next_free >= len))
break;
@ -572,9 +576,6 @@ static void *pool_alloc(size_t len)
}
r = p->next_free;
/* round out to a 'uintmax_t' alignment */
if (len & (sizeof(uintmax_t) - 1))
len += sizeof(uintmax_t) - (len & (sizeof(uintmax_t) - 1));
p->next_free += len;
return r;
}