mirror of
https://github.com/git/git
synced 2024-10-30 03:13:24 +00:00
48fb7deb5b
Shifting 'unsigned char' or 'unsigned short' left can result in sign extension errors, since the C integer promotion rules means that the unsigned char/short will get implicitly promoted to a signed 'int' due to the shift (or due to other operations). This normally doesn't matter, but if you shift things up sufficiently, it will now set the sign bit in 'int', and a subsequent cast to a bigger type (eg 'long' or 'unsigned long') will now sign-extend the value despite the original expression being unsigned. One example of this would be something like unsigned long size; unsigned char c; size += c << 24; where despite all the variables being unsigned, 'c << 24' ends up being a signed entity, and will get sign-extended when then doing the addition in an 'unsigned long' type. Since git uses 'unsigned char' pointers extensively, we actually have this bug in a couple of places. I may have missed some, but this is the result of looking at git grep '[^0-9 ][ ]*<<[ ][a-z]' -- '*.c' '*.h' git grep '<<[ ]*24' which catches at least the common byte cases (shifting variables by a variable amount, and shifting by 24 bits). I also grepped for just 'unsigned char' variables in general, and converted the ones that most obviously ended up getting implicitly cast immediately anyway (eg hash_name(), encode_85()). In addition to just avoiding 'unsigned char', this patch also tries to use a common idiom for the delta header size thing. We had three different variations on it: "& 0x7fUL" in one place (getting the sign extension right), and "& ~0x80" and "& 0x7f" in two other places (not getting it right). Apart from making them all just avoid using "unsigned char" at all, I also unified them to then use a simple "& 0x7f". I considered making a sparse extension which warns about doing implicit casts from unsigned types to signed types, but it gets rather complex very quickly, so this is just a hack. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
140 lines
2.9 KiB
C
140 lines
2.9 KiB
C
#include "cache.h"
|
|
|
|
#undef DEBUG_85
|
|
|
|
#ifdef DEBUG_85
|
|
#define say(a) fprintf(stderr, a)
|
|
#define say1(a,b) fprintf(stderr, a, b)
|
|
#define say2(a,b,c) fprintf(stderr, a, b, c)
|
|
#else
|
|
#define say(a) do {} while(0)
|
|
#define say1(a,b) do {} while(0)
|
|
#define say2(a,b,c) do {} while(0)
|
|
#endif
|
|
|
|
static const char en85[] = {
|
|
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
|
|
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
|
|
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
|
|
'U', 'V', 'W', 'X', 'Y', 'Z',
|
|
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
|
|
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
|
|
'u', 'v', 'w', 'x', 'y', 'z',
|
|
'!', '#', '$', '%', '&', '(', ')', '*', '+', '-',
|
|
';', '<', '=', '>', '?', '@', '^', '_', '`', '{',
|
|
'|', '}', '~'
|
|
};
|
|
|
|
static char de85[256];
|
|
static void prep_base85(void)
|
|
{
|
|
int i;
|
|
if (de85['Z'])
|
|
return;
|
|
for (i = 0; i < ARRAY_SIZE(en85); i++) {
|
|
int ch = en85[i];
|
|
de85[ch] = i + 1;
|
|
}
|
|
}
|
|
|
|
int decode_85(char *dst, const char *buffer, int len)
|
|
{
|
|
prep_base85();
|
|
|
|
say2("decode 85 <%.*s>", len/4*5, buffer);
|
|
while (len) {
|
|
unsigned acc = 0;
|
|
int de, cnt = 4;
|
|
unsigned char ch;
|
|
do {
|
|
ch = *buffer++;
|
|
de = de85[ch];
|
|
if (--de < 0)
|
|
return error("invalid base85 alphabet %c", ch);
|
|
acc = acc * 85 + de;
|
|
} while (--cnt);
|
|
ch = *buffer++;
|
|
de = de85[ch];
|
|
if (--de < 0)
|
|
return error("invalid base85 alphabet %c", ch);
|
|
/*
|
|
* Detect overflow. The largest
|
|
* 5-letter possible is "|NsC0" to
|
|
* encode 0xffffffff, and "|NsC" gives
|
|
* 0x03030303 at this point (i.e.
|
|
* 0xffffffff = 0x03030303 * 85).
|
|
*/
|
|
if (0x03030303 < acc ||
|
|
0xffffffff - de < (acc *= 85))
|
|
return error("invalid base85 sequence %.5s", buffer-5);
|
|
acc += de;
|
|
say1(" %08x", acc);
|
|
|
|
cnt = (len < 4) ? len : 4;
|
|
len -= cnt;
|
|
do {
|
|
acc = (acc << 8) | (acc >> 24);
|
|
*dst++ = acc;
|
|
} while (--cnt);
|
|
}
|
|
say("\n");
|
|
|
|
return 0;
|
|
}
|
|
|
|
void encode_85(char *buf, const unsigned char *data, int bytes)
|
|
{
|
|
prep_base85();
|
|
|
|
say("encode 85");
|
|
while (bytes) {
|
|
unsigned acc = 0;
|
|
int cnt;
|
|
for (cnt = 24; cnt >= 0; cnt -= 8) {
|
|
unsigned ch = *data++;
|
|
acc |= ch << cnt;
|
|
if (--bytes == 0)
|
|
break;
|
|
}
|
|
say1(" %08x", acc);
|
|
for (cnt = 4; cnt >= 0; cnt--) {
|
|
int val = acc % 85;
|
|
acc /= 85;
|
|
buf[cnt] = en85[val];
|
|
}
|
|
buf += 5;
|
|
}
|
|
say("\n");
|
|
|
|
*buf = 0;
|
|
}
|
|
|
|
#ifdef DEBUG_85
|
|
int main(int ac, char **av)
|
|
{
|
|
char buf[1024];
|
|
|
|
if (!strcmp(av[1], "-e")) {
|
|
int len = strlen(av[2]);
|
|
encode_85(buf, av[2], len);
|
|
if (len <= 26) len = len + 'A' - 1;
|
|
else len = len + 'a' - 26 + 1;
|
|
printf("encoded: %c%s\n", len, buf);
|
|
return 0;
|
|
}
|
|
if (!strcmp(av[1], "-d")) {
|
|
int len = *av[2];
|
|
if ('A' <= len && len <= 'Z') len = len - 'A' + 1;
|
|
else len = len - 'a' + 26 + 1;
|
|
decode_85(buf, av[2]+1, len);
|
|
printf("decoded: %.*s\n", len, buf);
|
|
return 0;
|
|
}
|
|
if (!strcmp(av[1], "-t")) {
|
|
char t[4] = { -1,-1,-1,-1 };
|
|
encode_85(buf, t, 4);
|
|
printf("encoded: D%s\n", buf);
|
|
return 0;
|
|
}
|
|
}
|
|
#endif
|