From 6d97beb91f413f4e90bab76fc7e05495bb0aab70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= Date: Thu, 25 Feb 2016 15:46:59 +0100 Subject: [PATCH] pack: don't allow a negative offset --- src/pack.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/pack.c b/src/pack.c index b9b22a2ef..52c652178 100644 --- a/src/pack.c +++ b/src/pack.c @@ -365,9 +365,14 @@ static unsigned char *pack_window_open( * pointless to ask for an offset into the middle of that * hash, and the pack_window_contains function above wouldn't match * don't allow an offset too close to the end of the file. + * + * Don't allow a negative offset, as that means we've wrapped + * around. */ if (offset > (p->mwf.size - 20)) return NULL; + if (offset < 0) + return NULL; return git_mwindow_open(&p->mwf, w_cursor, offset, 20, left); }