odb_loose: fix undefined behavior when computing size

pks-t · pks-t · commit 7f407710ef5d · 2016-05-02T17:45:24.000+02:00
An object's size is computed by reading the object header's size
field until the most significant bit is not set anymore. To get
the total size, we increase the shift on each iteration and add
the shifted value to the total size.

We read the current value into a variable of type `unsigned
char`, from which we then take all bits except the most
significant bit and shift the result. We will end up with a
maximum shift of 60, but this exceeds the width of the value's
type, resulting in undefined behavior.

Fix the issue by instead reading the values into a variable of
type `unsigned long`, which matches the required width. This is
equivalent to git.git, which uses an `unsigned long` as well.
diff --git a/src/odb_loose.c b/src/odb_loose.c
@@ -91,7 +91,7 @@ static int object_mkdir(const git_buf *name, const loose_backend *be)
 
 static size_t get_binary_object_header(obj_hdr *hdr, git_buf *obj)
 {
-	unsigned char c;
+	unsigned long c;
 	unsigned char *data = (unsigned char *)obj->ptr;
 	size_t shift, size, used = 0;
 

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ static int object_mkdir(const git_buf name, const loose_backend be)`
`91`	`91`
`92`	`92`	`static size_t get_binary_object_header(obj_hdr hdr, git_buf obj)`
`93`	`93`	`{`
`94`		`- unsigned char c;`
	`94`	`+ unsigned long c;`
`95`	`95`	`unsigned char data = (unsigned char )obj->ptr;`
`96`	`96`	`size_t shift, size, used = 0;`
`97`	`97`