File tree Expand file tree Collapse file tree 2 files changed +7
-0
lines changed Expand file tree Collapse file tree 2 files changed +7
-0
lines changed Original file line number Diff line number Diff line change @@ -143,6 +143,8 @@ int git_attr_file__load(
143143 blobsize = git_blob_rawsize (blob );
144144
145145 GIT_ERROR_CHECK_BLOBSIZE (blobsize );
146+ if (blobsize > GIT_ATTR_MAX_FILE_SIZE ) /* TODO: issue warning when warning API is available */
147+ goto cleanup ;
146148 git_str_put (& content , git_blob_rawcontent (blob ), (size_t )blobsize );
147149 break ;
148150 }
@@ -155,6 +157,7 @@ int git_attr_file__load(
155157 if (p_stat (entry -> fullpath , & st ) < 0 ||
156158 S_ISDIR (st .st_mode ) ||
157159 (fd = git_futils_open_ro (entry -> fullpath )) < 0 ||
160+ (st .st_size > GIT_ATTR_MAX_FILE_SIZE ) ||
158161 (error = git_futils_readbuffer_fd (& content , fd , (size_t )st .st_size )) < 0 )
159162 nonexistent = true;
160163
@@ -198,6 +201,8 @@ int git_attr_file__load(
198201 blobsize = git_blob_rawsize (blob );
199202
200203 GIT_ERROR_CHECK_BLOBSIZE (blobsize );
204+ if (blobsize > GIT_ATTR_MAX_FILE_SIZE ) /* TODO: issue warning when warning API is available */
205+ goto cleanup ;
201206 if ((error = git_str_put (& content ,
202207 git_blob_rawcontent (blob ), (size_t )blobsize )) < 0 )
203208 goto cleanup ;
Original file line number Diff line number Diff line change 2121#define GIT_ATTR_FILE_SYSTEM "gitattributes"
2222#define GIT_ATTR_FILE_XDG "attributes"
2323
24+ #define GIT_ATTR_MAX_FILE_SIZE 100 * 1024 * 1024
25+
2426#define GIT_ATTR_FNMATCH_NEGATIVE (1U << 0)
2527#define GIT_ATTR_FNMATCH_DIRECTORY (1U << 1)
2628#define GIT_ATTR_FNMATCH_FULLPATH (1U << 2)
You can’t perform that action at this time.
0 commit comments