From 7cfe2f12ff399581f9e205adc3a49bc240a3932a Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Tue, 24 Aug 2010 12:59:10 -0700 Subject: [PATCH] Don't copy more than the object size If the loader's stream is broken and returns to us more content than it originally declared as the size of the object, don't copy that onto the output stream. Instead throw EOFException and abort fast. This way we don't follow an infinite stream, but instead will at least stop when the size was reached. Change-Id: I7ec0c470c875f03b1f12a74a9b4d2f6e73b659bb Signed-off-by: Shawn O. Pearce --- org.eclipse.jgit/src/org/eclipse/jgit/lib/ObjectLoader.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/ObjectLoader.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/ObjectLoader.java index e8a125d57..b8d7f3719 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/ObjectLoader.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/ObjectLoader.java @@ -169,14 +169,14 @@ public abstract class ObjectLoader { final long sz = in.getSize(); byte[] tmp = new byte[1024]; long copied = 0; - for (;;) { + while (copied < sz) { int n = in.read(tmp); if (n < 0) - break; + throw new EOFException(); out.write(tmp, 0, n); copied += n; } - if (copied != sz) + if (0 <= in.read()) throw new EOFException(); } finally { in.close();