sha1_file: guard against invalid loose subdirectory numbers

Loose object subdirectories have hexadecimal names based on the first
byte of the hash of contained objects, thus their numerical
representation can range from 0 (0x00) to 255 (0xff).  Change the type
of the corresponding variable in for_each_file_in_obj_subdir() and
associated callback functions to unsigned int and add a range check.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/fsck.c b/builtin/fsck.c
index b5e13a45560f9338a65191c22d213f33052bf9b9..26869513816608feb458d5e63b8548e32954145e 100644 (file)
--- a/builtin/fsck.c
+++ b/builtin/fsck.c
@@ -537,7 +537,7 @@ static int fsck_cruft(const char *basename, const char *path, void *data)
        return 0;
 }
 
-static int fsck_subdir(int nr, const char *path, void *progress)
+static int fsck_subdir(unsigned int nr, const char *path, void *progress)
 {
        display_progress(progress, nr + 1);
        return 0;

diff --git a/builtin/prune-packed.c b/builtin/prune-packed.c
index c026299e789abe19826264225fa2000b3149f875..ac978ad401c01c4f44d3134b95a2bcb8b29973f9 100644 (file)
--- a/builtin/prune-packed.c
+++ b/builtin/prune-packed.c
@@ -10,7 +10,7 @@ static const char * const prune_packed_usage[] = {
 
 static struct progress *progress;
 
-static int prune_subdir(int nr, const char *path, void *data)
+static int prune_subdir(unsigned int nr, const char *path, void *data)
 {
        int *opts = data;
        display_progress(progress, nr + 1);

diff --git a/builtin/prune.c b/builtin/prune.c
index 42633e0c6e672c46852f0590f1941249691f962c..ea208c97f883d0bc0c7c9d78e710db457555393b 100644 (file)
--- a/builtin/prune.c
+++ b/builtin/prune.c
@@ -68,7 +68,7 @@ static int prune_cruft(const char *basename, const char *path, void *data)
        return 0;
 }
 
-static int prune_subdir(int nr, const char *path, void *data)
+static int prune_subdir(unsigned int nr, const char *path, void *data)
 {
        if (!show_only)
                rmdir(path);

diff --git a/cache.h b/cache.h
index 1ad914084b9981ff8abdd03d51712546b69950d8..7f7ec5d56d8244d42ebe824b1bbc960ddf87634e 100644 (file)
--- a/cache.h
+++ b/cache.h
@@ -1805,10 +1805,10 @@ typedef int each_loose_object_fn(const struct object_id *oid,
 typedef int each_loose_cruft_fn(const char *basename,
                                const char *path,
                                void *data);
-typedef int each_loose_subdir_fn(int nr,
+typedef int each_loose_subdir_fn(unsigned int nr,
                                 const char *path,
                                 void *data);
-int for_each_file_in_obj_subdir(int subdir_nr,
+int for_each_file_in_obj_subdir(unsigned int subdir_nr,
                                struct strbuf *path,
                                each_loose_object_fn obj_cb,
                                each_loose_cruft_fn cruft_cb,

diff --git a/sha1_file.c b/sha1_file.c
index 98ce85acf9cf41de536f55a880e0ae18ff1205f6..77050a38017739dbdf5295ad246b0698756a9bf1 100644 (file)
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -3735,7 +3735,7 @@ void assert_sha1_type(const unsigned char *sha1, enum object_type expect)
                    typename(expect));
 }
 
-int for_each_file_in_obj_subdir(int subdir_nr,
+int for_each_file_in_obj_subdir(unsigned int subdir_nr,
                                struct strbuf *path,
                                each_loose_object_fn obj_cb,
                                each_loose_cruft_fn cruft_cb,
@@ -3747,6 +3747,9 @@ int for_each_file_in_obj_subdir(int subdir_nr,
        struct dirent *de;
        int r = 0;
 
+       if (subdir_nr > 0xff)
+               BUG("invalid loose object subdirectory: %x", subdir_nr);
+
        origlen = path->len;
        strbuf_complete(path, '/');
        strbuf_addf(path, "%02x", subdir_nr);