@@ -330,16 +330,6 @@ static int graph_read_oid_lookup(const unsigned char *chunk_start,
return 0;
}
-static int graph_read_commit_data(const unsigned char *chunk_start,
- size_t chunk_size, void *data)
-{
- struct commit_graph *g = data;
- if (chunk_size != g->num_commits * GRAPH_DATA_WIDTH)
- return error("commit-graph commit data chunk is wrong size");
- g->chunk_commit_data = chunk_start;
- return 0;
-}
-
static int graph_read_generation_data(const unsigned char *chunk_start,
size_t chunk_size, void *data)
{
@@ -457,7 +447,10 @@ struct commit_graph *parse_commit_graph(struct repo_settings *s,
256 * sizeof(uint32_t)))
error(_("commit-graph oid fanout chunk is wrong size"));
read_chunk(cf, GRAPH_CHUNKID_OIDLOOKUP, graph_read_oid_lookup, graph);
- read_chunk(cf, GRAPH_CHUNKID_DATA, graph_read_commit_data, graph);
+ if (pair_chunk_expect(cf, GRAPH_CHUNKID_DATA,
+ &graph->chunk_commit_data,
+ st_mult(graph->num_commits, GRAPH_DATA_WIDTH)))
+ error(_("commit-graph commit data chunk is wrong size"));
pair_chunk(cf, GRAPH_CHUNKID_EXTRAEDGES, &graph->chunk_extra_edges,
&graph->chunk_extra_edges_size);
pair_chunk(cf, GRAPH_CHUNKID_BASE, &graph->chunk_base_graphs,
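Review bot: A failed CDAT size check is only logged at `if (pair_chunk_expect(...)) error(...)`; the return value of error() is dropped and parsing continues into the pair_chunk() calls that follow, so refusing a malformed file depends on `graph->chunk_commit_data` being left unset and on a later check, neither of which is visible in this hunk. A short comment above the call would make that dependency explicit, e.g. `/* on mismatch chunk_commit_data is left unset; the graph is rejected by the required-chunk check later */`, assuming that is how the rest of the function behaves. Note also that st_mult() ends the process on overflow instead of returning an error, so on a build with a 32-bit size_t a corrupted num_commits would presumably abort the command rather than let it continue without the commit-graph; if that trade-off is intended, the comment should say so. parse_commit_graph() begins and ends outside this hunk.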
Perform a similar conversion as in the previous commit to read the CDAT bits. While we're here, mark the error() string for translation, and guard against overflow when computing the expected size by wrapping it in an st_mult() call. Note that the pre-image of this patch was already sufficiently guarded against overflow, since GRAPH_DATA_WIDTH is defined as (the_hash_algo->rawsz + 16), so the expression in the parentheses would get performed as a size_t, and then g->num_commits would be promoted to the width of size_t for the purposes of evaluating this expression. But let's make it explicitly clear that this computation is safe by wrapping it in an st_mult() call. Signed-off-by: Taylor Blau <me@ttaylorr.com> --- commit-graph.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-)