Bug Fixes
-
cap aggregate delta data allocation in gix-pack
A ClusterFuzz data_file testcase could build a malformed delta chain whose
individual entry sizes stayed below the configured fuzz allocation cap, but
whose aggregate decompressed delta payload size reached multi-gigabyte scale.
The fuzz harness then attempted to reserve that aggregate buffer and aborted
with libFuzzer out-of-memory.Reject aggregate delta payload sizes once they exceed
File::with_alloc_limit_bytes(), matching the existing protection for individual
decoded object sizes. Add the minimized ClusterFuzz testcase to the data_file
artefacts so the known input remains available to the fuzz target and artifact
smoke test.
Bug Fixes (BREAKING)
- remove unused
index::Version::hash()method.
It's not useful either as there is no relationship between the Version
of the index file and the hash to use.
Commit Statistics
- 10 commits contributed to the release over the course of 27 calendar days.
- 27 days passed between releases.
- 2 commits were understood as conventional.
- 0 issues like '(#ID)' were seen in commit messages
Commit Details
view details
- Uncategorized
- Merge pull request #2657 from GitoxideLabs/dev/aratiu/sha256-pack (cdafa6a)
- Review (14025af)
- Cover multi-index write under SHA-256 (bbf6fe3)
- Correct the index-verification progress label for non-SHA-1 hashes (aa319aa)
- Merge pull request #2632 from GitoxideLabs/fix-fuzz-failure (70d38bf)
- Cap aggregate delta data allocation in gix-pack (6de909b)
- Merge pull request #2602 from cruessler/run-gix-pack-tests-with-sha-256 (4f862a5)
- Remove unused
index::Version::hash()method. (ee91e31) - Add generated archives for SHA-256 in
gix-pack(4f1bb83) - Merge pull request #2618 from GitoxideLabs/report (f7d4f33)