fix(pack): ensure pack_backend__read returns null terminated buffer #7238
Merged
Depending on the zlib library used, the inflate() function may write beyond the object size into the additional trailing buffer for aligned memory copies. This may cause out-of-bounds memory read if the object buffer is later used without checking the object size, as in git_commit__extract_signature.

Link: zlib-ng/zlib-ng#1767
Signed-off-by: Kan-Ru Chen <kanru@kanru.info>
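The failure mode described above, as an added example that is not libgit2 or zlib-ng code: `toy_inflate` is a constructed stand-in for a decoder that writes whole 8-byte blocks, and `read_object`, `is_terminated` and the sample object are hypothetical names. It assumes a `len + 1` byte buffer and shows the pre-set terminator being overwritten unless it is written again after decoding.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 8 /* assumed copy width of the stand-in decoder */

/* Toy stand-in for inflate(): writes whole CHUNK-sized blocks, so the last
 * block can spill scratch bytes past `len` (never past `avail`). */
static void toy_inflate(unsigned char *out, size_t avail,
                        const unsigned char *src, size_t len)
{
    size_t done = 0;
    while (done < len) {
        size_t n = (avail - done < CHUNK) ? avail - done : CHUNK;
        size_t real = (len - done < n) ? len - done : n;
        memcpy(out + done, src + done, real);
        memset(out + done + real, '#', n - real); /* scratch after object */
        done += n;
    }
}

/* Hypothetical reader: len + 1 zeroed bytes, decode, optional re-termination. */
static unsigned char *read_object(const unsigned char *src, size_t len,
                                  int reterminate)
{
    unsigned char *buf = calloc(1, len + 1);
    if (!buf) return NULL;
    toy_inflate(buf, len + 1, src, len);
    if (reterminate) buf[len] = '\0'; /* write the NUL after decoding */
    return buf;
}

/* Bounded check: the first NUL in the allocation sits exactly at buf[len]. */
static int is_terminated(const unsigned char *buf, size_t len)
{
    return memchr(buf, '\0', len + 1) == (const void *)(buf + len);
}

static const unsigned char SAMPLE[] = "tree 1234\nx"; /* constructed, 11 bytes */
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

int main(void)
{
    unsigned char *a = read_object(SAMPLE, SAMPLE_LEN, 0);
    unsigned char *b = read_object(SAMPLE, SAMPLE_LEN, 1);
    if (!a || !b) return 1;
    printf("terminated without re-termination: %d, with: %d\n",
           is_terminated(a, SAMPLE_LEN), is_terminated(b, SAMPLE_LEN));
    free(a); free(b);
    return 0;
}
```

A consumer that scans the first buffer as a C string has no terminator inside the allocation, which is why the check uses `memchr` bounded by `len + 1` rather than `strlen`.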
Member
Seems reasonable — cheers!
Contributor, Author
Thanks! The CI failure looks unrelated though.
Member
Agreed - those should be fixed by #7239
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request May 5, 2026

v1.9.3

This release includes a number of bugfixes and compatibility improvements, particularly around SHA256 support.

* cmake: fix linker error when using ninja build generator by @kcsaul in libgit2/libgit2#7249
* Handle redirects with Content-Length: 0 correctly by @ethomson in libgit2/libgit2#7246
* ci: use poxygit v0.8.1 in the tests by @ethomson in libgit2/libgit2#7248
* Zero indexer stats in pack objects by @ethomson in libgit2/libgit2#7243
* submodule: git_index_add_bypath does not move conflict entries to REUC by @lrm29 in libgit2/libgit2#7003
* fix: prevent SSH timeout infinite loop and enable TCP keepalive by @ambv in libgit2/libgit2#7165
* merge_files: avoid UB in xdiff by @ethomson in libgit2/libgit2#7239
* git_merge_file_from_index: handle cases when a child (ours or theirs) is null by @eantoranz in libgit2/libgit2#7092
* cmake: write git.h.tmp to current binary directory by @kcsaul in libgit2/libgit2#7241
* fix(pack): ensure pack_backend__read returns null terminated buffer by @kanru in libgit2/libgit2#7238
* Check object lengths against headers in read_loose by @howtonotwin in libgit2/libgit2#7178
* cmake: don't recreate git2.h unnecessarily by @ethomson in libgit2/libgit2#7234
* Memory Backend Corruption Fix by @kcsaul in libgit2/libgit2#7232
* Fixed a heap-buffer-overflow in the smart_pkt.c:set_data function by @oliverchang in libgit2/libgit2#7118
* fix(transport): get oid_type on local transport by @weihanglo in libgit2/libgit2#7229
* `GIT_REMOTE_DOWNLOAD_TAGS_ALL`: remove stray "the" in docs by @DanielEScherzer in libgit2/libgit2#7228
* fix(clone): propagate object format in local clone by @weihanglo in libgit2/libgit2#7226
* repo: Fix possible null pointer dereference by @csware in libgit2/libgit2#7225
* revparse: Allow `HEAD` abbreviation `@` by @KoviRobi in libgit2/libgit2#7218
* camke: include libssh2 in `Requires.private` in the PC file by @carlosmn in libgit2/libgit2#7215
* futils: fix undefined behavior in O_FSYNC fallback definition by @cehoffman in libgit2/libgit2#7211
* pcre: actually fix dangling-pointer warning by @ethomson in libgit2/libgit2#7206
* pcre: update cmake warnings for non-gcc by @ethomson in libgit2/libgit2#7205
* Fix some warnings with gcc by @ethomson in libgit2/libgit2#7203
* fix: apply insteadOf from global config for detached remotes by @weihanglo in libgit2/libgit2#7195
* Fix `git_index_entry` documentation by @bakersdozen123 in libgit2/libgit2#7192
* config: Fix potential null value passed to %s by @ethomson in libgit2/libgit2#7190
* index: support USE_NSEC=OFF by @ethomson in libgit2/libgit2#7187
* feat(remote): expose `git_remote_oid_type` by @weihanglo in libgit2/libgit2#7185
* fix(smart): keep caps across RPC stream resets by @weihanglo in libgit2/libgit2#7183
* fix wrong comment by @Murmele in libgit2/libgit2#7181
* fix(sha256): pass correct oid type by @weihanglo in libgit2/libgit2#7179
* examples: correct `git_commit_time` comment by @qaqland in libgit2/libgit2#7175
* tests: update to latest clar by @ethomson in libgit2/libgit2#7173
* delta: fix undefined behavior in hdr_sz varint parsing by @Oblivionsage in libgit2/libgit2#7172
* ci: Update macos-13 to macos-14 images on GitHub Actions by @ambv in libgit2/libgit2#7167
* ci: Fix cases of -Werror=discarded-qualifiers raised by @gcc 15.2 by @ambv in libgit2/libgit2#7164
* Use CMAKE_INSTALL_INCLUDEDIR for libgit2package INSTALL_INTERFACE by @aware70 in libgit2/libgit2#7155
* Fix C4703 uninitialized pointer variable warnings by @ShiningMassXAcc in libgit2/libgit2#7154
* test: check the correct filesystem for case-sensitivity by @ambv in libgit2/libgit2#7153
* ci: update ci/docker/fedora to work with Rawhide 44 by @ambv in libgit2/libgit2#7152
* refs: honor REFSPEC_SHORTHAND for multi-segment refs by @roberth in libgit2/libgit2#7148
* config: Fix potential null value passed to %s by @orgads in libgit2/libgit2#7131
* Fix potential access to uninitialized variables by @orgads in libgit2/libgit2#7130
* refspec: Detect DEL character in is_valid_name by @xokdvium in libgit2/libgit2#7120
* Update documentation to clarify that cert cb is always called by @ehuss in libgit2/libgit2#7119
* Update `racy.c` reference by @emmanuel-ferdman in libgit2/libgit2#7091
* Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in libgit2/libgit2#7077
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request May 13, 2026