8000 dir.c: reduce max pattern file size to 100MB · gitster/git@e7c3d1d · GitHub
[go: up one dir, main page]
Skip to content
/ git Public
forked from git/git

Commit e7c3d1d

Browse files
peffgitster
peff
authored and
gitster
committed
dir.c: reduce max pattern file size to 100MB
In a2bc523 (dir.c: skip .gitignore, etc larger than INT_MAX, 2024-05-31) we put capped the size of some files whose parsing code and data structures used ints. Setting the limit to INT_MAX was a natural spot, since we know the parsing code would misbehave above that. But it also leaves the possibility of overflow errors when we multiply that limit to allocate memory. For instance, a file consisting only of "a\na\n..." could have INT_MAX/2 entries. Allocating an array of pointers for each would need INT_MAX*4 bytes on a 64-bit system, enough to overflow a 32-bit int. So let's give ourselves a bit more safety margin by giving a much smaller limit. The size 100MB is somewhat arbitrary, but is based on the similar value for attribute files added by 3c50032 (attr: ignore overly large gitattributes files, 2022-12-01). There's no particular reason these have to be the same, but the idea is that they are in the ballpark of "so huge that nobody would care, but small enough to avoid malicious overflow". So lacking a better guess, it makes sense to use the same value. The implementation here doesn't share the same constant, but we could change that later (or even give it a runtime config knob, though nobody has complained yet about the attribute limit). And likewise, let's add a few tests that exercise the limits, based on the attr ones. In this case, though, we never read .gitignore from the index; the blob code is exercised only for sparse filters. So we'll trigger it that way. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent a2bc523 commit e7c3d1d

File tree

3 files changed

+28
-2
lines changed

3 files changed

+28
-2
lines changed

dir.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,12 @@
3232
#include "tree.h"
3333
#include "hex.h"
3434

35+
/*
36+
* The maximum size of a pattern/exclude file. If the file exceeds this size
37+
* we will ignore it.
38+
*/
39+
#define PATTERN_MAX_FILE_SIZE (100 * 1024 * 1024)
40+
3541
/*
3642
* Tells read_directory_recursive how a file or directory should be treated.
3743
* Values are ordered by significance, e.g. if a directory contains both
@@ -1137,7 +1143,7 @@ static int add_patterns(const char *fname, const char *base, int baselen,
11371143
}
11381144
}
11391145

1140-
if (size > INT_MAX) {
1146+
if (size > PATTERN_MAX_FILE_SIZE) {
11411147
warning("ignoring excessively large pattern file: %s", fname);
11421148
free(buf);
11431149
return -1;
@@ -1199,7 +1205,7 @@ int add_patterns_from_blob_to_list(
11991205
if (r != 1)
12001206
return r;
12011207

1202-
if (size > INT_MAX) {
1208+
if (size > PATTERN_MAX_FILE_SIZE) {
12031209
warning("ignoring excessively large pattern blob: %s",
12041210
oid_to_hex(oid));
12051211
free(buf);

t/t0008-ignores.sh

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -945,4 +945,12 @@ test_expect_success SYMLINKS 'symlinks not respected in-tree' '
945945
test_grep "unable to access.*gitignore" err
946946
'
947947

948+
test_expect_success EXPENSIVE 'large exclude file ignored in tree' '
949+
test_when_finished "rm .gitignore" &&
950+
dd if=/dev/zero of=.gitignore bs=101M count=1 &&
951+
git ls-files -o --exclude-standard 2>err &&
952+
echo "warning: ignoring excessively large pattern file: .gitignore" >expect &&
953+
test_cmp expect err
954+
'
955+
948956
test_done

t/t6112-rev-list-filters-objects.sh

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -701,4 +701,16 @@ test_expect_success 'expand blob limit in protocol' '
701701
grep "blob:limit=1024" trace
702702
'
703703

704+
test_expect_success EXPENSIVE 'large sparse filter file ignored' '
705+
blob=$(dd if=/dev/zero bs=101M count=1 |
706+
git hash-object -w --stdin) &&
707+
test_must_fail \
708+
git rev-list --all --objects --filter=sparse:oid=$blob 2>err &&
709+
cat >expect <<-EOF &&
710+
warning: ignoring excessively large pattern blob: $blob
711+
fatal: unable to parse sparse filter data in $blob
712+
EOF
713+
test_cmp expect err
714+
'
715+
704716
test_done

0 commit comments

Comments
 (0)
0