libFuzzer: Prevent a potential shift overflow

lhchavez · lhchavez · commit 28662c13a8a3 · 2017-12-08T06:00:27.000Z
The type of |base_offset| in get_delta_base() is `git_off_t`, which is a
signed `long`. That means that we need to make sure that the 8 most
significant bits are zero (instead of 7) to avoid an overflow when it is
shifted by 7 bits.

Found using libFuzzer.
diff --git a/src/pack.c b/src/pack.c
@@ -939,7 +939,7 @@ git_off_t get_delta_base(
 			if (left <= used)
 				return GIT_EBUFS;
 			base_offset += 1;
-			if (!base_offset || MSB(base_offset, 7))
+			if (!base_offset || MSB(base_offset, 8))
 				return 0; /* overflow */
 			c = base_info[used++];
 			base_offset = (base_offset << 7) + (c & 127);
