[07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s

Message ID	4067ff3f1b422734b79591268644a38f053d2f54.1689205042.git.me@ttaylorr.com (mailing list archive)
State	Accepted
Commit	cc38127439be50ade60fb2db18c7f5f0cc170a36
Headers	show Return-Path: <git-owner@vger.kernel.org> Date: Wed, 12 Jul 2023 19:37:44 -0400 From: Taylor Blau <me@ttaylorr.com> To: git@vger.kernel.org Cc: Derrick Stolee <derrickstolee@github.com>, Jeff King <peff@peff.net>, Johannes Schindelin <Johannes.Schindelin@gmx.de>, Junio C Hamano <gitster@pobox.com>, Victoria Dye <vdye@github.com> Subject: [PATCH 07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s Message-ID: <4067ff3f1b422734b79591268644a38f053d2f54.1689205042.git.me@ttaylorr.com> References: <cover.1689205042.git.me@ttaylorr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <cover.1689205042.git.me@ttaylorr.com> Precedence: bulk
Series	guard object lookups against 32-bit overflow \| expand [00/20] guard object lookups against 32-bit overflow [01/20] packfile.c: prevent overflow in `nth_packed_object_id()` [02/20] packfile.c: prevent overflow in `load_idx()` [03/20] packfile.c: use checked arithmetic in `nth_packed_object_offset()` [04/20] midx.c: use `size_t`'s for fanout nr and alloc [05/20] midx.c: prevent overflow in `nth_midxed_object_oid()` [06/20] midx.c: prevent overflow in `nth_midxed_offset()` [07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s [08/20] midx.c: prevent overflow in `write_midx_internal()` [09/20] midx.c: prevent overflow in `fill_included_packs_batch()` [10/20] pack-bitmap.c: ensure that eindex lookups don't overflow [11/20] commit-graph.c: prevent overflow in `write_commit_graph_file()` [12/20] commit-graph.c: prevent overflow in add_graph_to_chain() [13/20] commit-graph.c: prevent overflow in `load_oid_from_graph()` [14/20] commit-graph.c: prevent overflow in `fill_commit_graph_info()` [15/20] commit-graph.c: prevent overflow in `fill_commit_in_graph()` [16/20] commit-graph.c: prevent overflow in `load_tree_for_commit()` [17/20] commit-graph.c: prevent overflow in `split_graph_merge_strategy()` [18/20] commit-graph.c: prevent overflow in `merge_commit_graph()` [19/20] commit-graph.c: prevent overflow in `write_commit_graph()` [20/20] commit-graph.c: prevent overflow in `verify_commit_graph()`

Message ID

4067ff3f1b422734b79591268644a38f053d2f54.1689205042.git.me@ttaylorr.com (mailing list archive)

State

Accepted

Commit

cc38127439be50ade60fb2db18c7f5f0cc170a36

Headers

Date: Wed, 12 Jul 2023 19:37:44 -0400
From: Taylor Blau <me@ttaylorr.com>
To: git@vger.kernel.org
Cc: Derrick Stolee <derrickstolee@github.com>,
        Jeff King <peff@peff.net>,
        Johannes Schindelin <Johannes.Schindelin@gmx.de>,
        Junio C Hamano <gitster@pobox.com>,
        Victoria Dye <vdye@github.com>
Subject: [PATCH 07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s
Message-ID: 
 <4067ff3f1b422734b79591268644a38f053d2f54.1689205042.git.me@ttaylorr.com>
References: <cover.1689205042.git.me@ttaylorr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <cover.1689205042.git.me@ttaylorr.com>
Precedence: bulk

Series

guard object lookups against 32-bit overflow | expand

Commit Message

Taylor Blau July 12, 2023, 11:37 p.m. UTC

In the `write_midx_context` structure, we use two `uint32_t`'s to track
the length and allocated size of the packs, and one `uint32_t` to track
the number of objects in the MIDX.

In practice, having these be 32-bit unsigned values shouldn't cause any
problems since we are unlikely to have that many objects or packs in any
real-world repository. But these values should be `size_t`'s, so change
their type to reflect that.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 midx.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/midx.c b/midx.c
index a5a4ff4398..b176745df1 100644
--- a/midx.c
+++ b/midx.c
@@ -446,14 +446,14 @@  static int idx_or_pack_name_cmp(const void *_va, const void *_vb)
 
 struct write_midx_context {
 	struct pack_info *info;
-	uint32_t nr;
-	uint32_t alloc;
+	size_t nr;
+	size_t alloc;
 	struct multi_pack_index *m;
 	struct progress *progress;
 	unsigned pack_paths_checked;
 
 	struct pack_midx_entry *entries;
-	uint32_t entries_nr;
+	size_t entries_nr;
 
 	uint32_t *pack_perm;
 	uint32_t *pack_order;
@@ -671,17 +671,18 @@  static void midx_fanout_add_pack_fanout(struct midx_fanout *fanout,
 static struct pack_midx_entry *get_sorted_entries(struct multi_pack_index *m,
 						  struct pack_info *info,
 						  uint32_t nr_packs,
-						  uint32_t *nr_objects,
+						  size_t *nr_objects,
 						  int preferred_pack)
 {
 	uint32_t cur_fanout, cur_pack, cur_object;
-	uint32_t alloc_objects, total_objects = 0;
+	size_t alloc_objects, total_objects = 0;
 	struct midx_fanout fanout = { 0 };
 	struct pack_midx_entry *deduplicated_entries = NULL;
 	uint32_t start_pack = m ? m->num_packs : 0;
 
 	for (cur_pack = start_pack; cur_pack < nr_packs; cur_pack++)
-		total_objects += info[cur_pack].p->num_objects;
+		total_objects = st_add(total_objects,
+				       info[cur_pack].p->num_objects);
 
 	/*
 	 * As we de-duplicate by fanout value, we expect the fanout
@@ -724,7 +725,8 @@  static struct pack_midx_entry *get_sorted_entries(struct multi_pack_index *m,
 						&fanout.entries[cur_object].oid))
 				continue;
 
-			ALLOC_GROW(deduplicated_entries, *nr_objects + 1, alloc_objects);
+			ALLOC_GROW(deduplicated_entries, st_add(*nr_objects, 1),
+				   alloc_objects);
 			memcpy(&deduplicated_entries[*nr_objects],
 			       &fanout.entries[cur_object],
 			       sizeof(struct pack_midx_entry));

[07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s

Commit Message

Patch