patch-delta: fix oob read
If `cmd` is in the range [0x01,0x7f] and `cmd > top-data`, the
`memcpy(out, data, cmd)` can copy out-of-bounds data from after `delta_buf`
into `dst_buf`.
This is not an exploitable bug because triggering the bug increments the
`data` pointer beyond `top`, causing the `data != top` sanity check after
the loop to trigger and discard the destination buffer - which means that
the result of the out-of-bounds read is never used for anything.
Signed-off-by: Jann Horn <redacted>
Signed-off-by: Jeff King <redacted>
Reviewed-by: Nicolas Pitre <redacted>
Signed-off-by: Junio C Hamano <redacted>
git.99rst.org / git.git / commit