Re: [PATCH 13/20] commit-graph: detect out-of-bounds extra-edges pointers

[PATCH 0/20] bounds-checks for chunk-based files · Jeff King <hidden> · 2023-10-09
[PATCH 01/20] chunk-format: note that pair_chunk() is unsafe · Jeff King <hidden> · 2023-10-09
Re: [PATCH 01/20] chunk-format: note that pair_chunk() is unsafe · Taylor Blau <hidden> · 2023-10-10
Re: [PATCH 01/20] chunk-format: note that pair_chunk() is unsafe · Jeff King <hidden> · 2023-10-11
[PATCH 02/20] t: add library for munging chunk-format files · Jeff King <hidden> · 2023-10-09
Re: [PATCH 02/20] t: add library for munging chunk-format files · Taylor Blau <hidden> · 2023-10-10
[PATCH 03/20] midx: stop ignoring malformed oid fanout chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 03/20] midx: stop ignoring malformed oid fanout chunk · Taylor Blau <hidden> · 2023-10-10
Re: [PATCH 03/20] midx: stop ignoring malformed oid fanout chunk · Jeff King <hidden> · 2023-10-11
[PATCH 04/20] commit-graph: check size of oid fanout chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 04/20] commit-graph: check size of oid fanout chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 04/20] commit-graph: check size of oid fanout chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 04/20] commit-graph: check size of oid fanout chunk · Jeff King <hidden> · 2023-10-11
[PATCH 05/20] midx: check size of oid lookup chunk · Jeff King <hidden> · 2023-10-09
[PATCH 06/20] commit-graph: check consistency of fanout table · Jeff King <hidden> · 2023-10-09
Re: [PATCH 06/20] commit-graph: check consistency of fanout table · Taylor Blau <hidden> · 2023-10-11
[PATCH 07/20] midx: check size of pack names chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 07/20] midx: check size of pack names chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 07/20] midx: check size of pack names chunk · Jeff King <hidden> · 2023-10-11
[PATCH 08/20] midx: enforce chunk alignment on reading · Jeff King <hidden> · 2023-10-09
Re: [PATCH 08/20] midx: enforce chunk alignment on reading · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 08/20] midx: enforce chunk alignment on reading · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 08/20] midx: enforce chunk alignment on reading · Jeff King <hidden> · 2023-10-11
[PATCH 09/20] midx: check size of object offset chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 09/20] midx: check size of object offset chunk · Taylor Blau <hidden> · 2023-10-11
[PATCH 10/20] midx: bounds-check large offset chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 10/20] midx: bounds-check large offset chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 10/20] midx: bounds-check large offset chunk · Jeff King <hidden> · 2023-10-11
[PATCH 11/20] midx: check size of revindex chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 11/20] midx: check size of revindex chunk · Taylor Blau <hidden> · 2023-10-11
[PATCH 12/20] commit-graph: check size of commit data chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 12/20] commit-graph: check size of commit data chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 12/20] commit-graph: check size of commit data chunk · Jeff King <hidden> · 2023-10-11
[PATCH 13/20] commit-graph: detect out-of-bounds extra-edges pointers · Jeff King <hidden> · 2023-10-09
Re: [PATCH 13/20] commit-graph: detect out-of-bounds extra-edges pointers · Taylor Blau <hidden> · 2023-10-11
[PATCH 14/20] commit-graph: bounds-check base graphs chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 14/20] commit-graph: bounds-check base graphs chunk · Taylor Blau <hidden> · 2023-10-11
[PATCH 15/20] commit-graph: check size of generations chunk · Jeff King <hidden> · 2023-10-09
[PATCH 16/20] commit-graph: bounds-check generation overflow chunk · Jeff King <hidden> · 2023-10-09
[PATCH 17/20] commit-graph: check bounds when accessing BDAT chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 17/20] commit-graph: check bounds when accessing BDAT chunk · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 17/20] commit-graph: check bounds when accessing BDAT chunk · Jeff King <hidden> · 2023-10-11
[PATCH 18/20] commit-graph: check bounds when accessing BIDX chunk · Jeff King <hidden> · 2023-10-09
Re: [PATCH 18/20] commit-graph: check bounds when accessing BIDX chunk · Taylor Blau <hidden> · 2023-10-11
[PATCH 19/20] commit-graph: detect out-of-order BIDX offsets · Jeff King <hidden> · 2023-10-09
Re: [PATCH 19/20] commit-graph: detect out-of-order BIDX offsets · Taylor Blau <hidden> · 2023-10-11
[PATCH 20/20] chunk-format: drop pair_chunk_unsafe() · Jeff King <hidden> · 2023-10-09
Re: [PATCH 0/20] bounds-checks for chunk-based files · Taylor Blau <hidden> · 2023-10-11
Re: [PATCH 0/20] bounds-checks for chunk-based files · Jeff King <hidden> · 2023-10-11
[PATCH 0/8] chunk-format: introduce `pair_chunk_expect()` convenience API · Taylor Blau <hidden> · 2023-10-13
[PATCH 1/8] chunk-format: introduce `pair_chunk_expect()` helper · Taylor Blau <hidden> · 2023-10-13
[PATCH 2/8] commit-graph: read `OIDF` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 3/8] commit-graph: read `CDAT` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 4/8] commit-graph: read `GDAT` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 5/8] commit-graph: read `BIDX` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
Re: [PATCH 5/8] commit-graph: read `BIDX` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 6/8] midx: read `OIDF` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 7/8] midx: read `OIDL` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
[PATCH 8/8] midx: read `OOFF` chunk with `pair_chunk_expect()` · Taylor Blau <hidden> · 2023-10-13
Re: [PATCH 0/8] chunk-format: introduce `pair_chunk_expect()` convenience API · Jeff King <hidden> · 2023-10-20
[PATCH 21/20] t5319: make corrupted large-offset test more robust · Jeff King <hidden> · 2023-10-14

From: Taylor Blau <hidden>
Date: 2023-10-11 19:02:17

On Mon, Oct 09, 2023 at 05:05:38PM -0400, Jeff King wrote:

---
 commit-graph.c          | 20 ++++++++++++++------
 commit-graph.h          |  1 +
 t/t5318-commit-graph.sh |  8 ++++++++
 3 files changed, 23 insertions(+), 6 deletions(-)

All looks good here, and the proposed log message is very clear and
well-written. One minor note below...

quoted hunk ↗ jump to hunk

@@ -931,14 +932,21 @@ static int fill_commit_in_graph(struct repository *r,
 		return 1;
 	}

-	parent_data_ptr = (uint32_t*)(g->chunk_extra_edges +
-			  st_mult(4, edge_value & GRAPH_EDGE_LAST_MASK));
+	parent_data_pos = edge_value & GRAPH_EDGE_LAST_MASK;
 	do {
-		edge_value = get_be32(parent_data_ptr);
+		if (g->chunk_extra_edges_size / sizeof(uint32_t) <= parent_data_pos) {
+			error("commit-graph extra-edges pointer out of bounds");

It might be nice to add some extra data here, too, like which commit OID
we were trying to load, the offset we were supposed to read at, and the
size of the extra edges chunk itself.

We should probably also mark this string for translation, but both are
minor points.

Thanks,
Taylor

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help