Andrew's git / gitweb.git / blobdiff
?
better validation on delta base object offsets
[gitweb.git] / sha1_file.c
diff --git a/sha1_file.c b/sha1_file.c
index 88d9cf357fa56310e28ce6eb19ad713b8d174645..e57949b41514c03e9b80764ecee9a4dbafa591f1 100644 (file)
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1355,7 +1355,7 @@ static off_t get_delta_base(struct packed_git *p,
                        base_offset = (base_offset << 7) + (c & 127);
                }
                base_offset = delta_obj_offset - base_offset;
-               if (base_offset >= delta_obj_offset)
+               if (base_offset <= 0 || base_offset >= delta_obj_offset)
                        return 0;  /* out of bound */
                *curpos += used;
        } else if (type == OBJ_REF_DELTA) {