Skip to content

Commit

Permalink
Merge pull request from GHSA-4gj3-6r43-3wfc
Browse files Browse the repository at this point in the history
Add size check on the bitfield before allocation
  • Loading branch information
Jorropo authored Feb 9, 2023
2 parents 37b47f1 + e062cdb commit 59050ea
Show file tree
Hide file tree
Showing 7 changed files with 162 additions and 105 deletions.
15 changes: 11 additions & 4 deletions data/builder/dirshard.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,23 +133,30 @@ func (s *shard) formatLinkName(name string, idx int) string {
}

// bitmap calculates the bitmap of which links in the shard are set.
func (s *shard) bitmap() []byte {
bm := bitfield.NewBitfield(s.size)
func (s *shard) bitmap() ([]byte, error) {
bm, err := bitfield.NewBitfield(s.size)
if err != nil {
return nil, err
}
for i := 0; i < s.size; i++ {
if _, ok := s.children[i]; ok {
bm.SetBit(i)
}
}
return bm.Bytes()
return bm.Bytes(), nil
}

// serialize stores the concrete representation of this shard in the link system and
// returns a link to it.
func (s *shard) serialize(ls *ipld.LinkSystem) (ipld.Link, uint64, error) {
bm, err := s.bitmap()
if err != nil {
return nil, 0, err
}
ufd, err := BuildUnixFS(func(b *Builder) {
DataType(b, data.Data_HAMTShard)
HashType(b, s.hasher)
Data(b, s.bitmap())
Data(b, bm)
Fanout(b, uint64(s.size))
})
if err != nil {
Expand Down
54 changes: 28 additions & 26 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,68 +3,70 @@ module github.com/ipfs/go-unixfsnode
go 1.19

require (
github.com/ipfs/go-bitfield v1.0.0
github.com/ipfs/go-cid v0.2.0
github.com/ipfs/go-bitfield v1.1.0
github.com/ipfs/go-cid v0.3.2
github.com/ipfs/go-ipfs-chunker v0.0.1
github.com/ipfs/go-ipfs-util v0.0.2
github.com/ipfs/go-ipld-format v0.2.0
github.com/ipfs/go-merkledag v0.5.1
github.com/ipfs/go-unixfs v0.3.1
github.com/ipfs/go-unixfs v0.4.3
github.com/ipld/go-car/v2 v2.1.1
github.com/ipld/go-codec-dagpb v1.4.1
github.com/ipld/go-ipld-prime v0.16.0
github.com/multiformats/go-multicodec v0.4.1
github.com/multiformats/go-multihash v0.1.0
github.com/multiformats/go-multicodec v0.7.0
github.com/multiformats/go-multihash v0.2.1
github.com/spaolacci/murmur3 v1.1.0
github.com/stretchr/testify v1.7.0
google.golang.org/protobuf v1.28.0
github.com/stretchr/testify v1.8.1
google.golang.org/protobuf v1.28.1
)

require (
github.com/benbjohnson/clock v1.3.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/google/uuid v1.2.0 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/ipfs/bbloom v0.0.4 // indirect
github.com/ipfs/go-block-format v0.0.3 // indirect
github.com/ipfs/go-blockservice v0.2.1 // indirect
github.com/ipfs/go-datastore v0.5.0 // indirect
github.com/ipfs/go-datastore v0.6.0 // indirect
github.com/ipfs/go-ipfs-blockstore v1.1.2 // indirect
github.com/ipfs/go-ipfs-ds-help v1.1.0 // indirect
github.com/ipfs/go-ipfs-exchange-interface v0.1.0 // indirect
github.com/ipfs/go-ipfs-exchange-offline v0.1.1 // indirect
github.com/ipfs/go-ipld-cbor v0.0.5 // indirect
github.com/ipfs/go-ipld-legacy v0.1.0 // indirect
github.com/ipfs/go-log v1.0.5 // indirect
github.com/ipfs/go-log/v2 v2.3.0 // indirect
github.com/ipfs/go-log/v2 v2.5.1 // indirect
github.com/ipfs/go-metrics-interface v0.0.1 // indirect
github.com/ipfs/go-verifcid v0.0.1 // indirect
github.com/jbenet/goprocess v0.1.4 // indirect
github.com/klauspost/cpuid/v2 v2.0.12 // indirect
github.com/libp2p/go-buffer-pool v0.0.2 // indirect
github.com/mattn/go-isatty v0.0.13 // indirect
github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect
github.com/klauspost/cpuid/v2 v2.2.1 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/libp2p/go-libp2p v0.25.0 // indirect
github.com/mattn/go-isatty v0.0.16 // indirect
github.com/minio/sha256-simd v1.0.0 // indirect
github.com/mr-tron/base58 v1.2.0 // indirect
github.com/multiformats/go-base32 v0.0.4 // indirect
github.com/multiformats/go-base36 v0.1.0 // indirect
github.com/multiformats/go-multibase v0.0.3 // indirect
github.com/multiformats/go-varint v0.0.6 // indirect
github.com/multiformats/go-base32 v0.1.0 // indirect
github.com/multiformats/go-base36 v0.2.0 // indirect
github.com/multiformats/go-multiaddr v0.8.0 // indirect
github.com/multiformats/go-multibase v0.1.1 // indirect
github.com/multiformats/go-varint v0.0.7 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/petar/GoLLRB v0.0.0-20210522233825-ae3b015fd3e9 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/polydawn/refmt v0.0.0-20201211092308-30ac6d18308e // indirect
github.com/whyrusleeping/cbor v0.0.0-20171005072247-63513f603b11 // indirect
github.com/whyrusleeping/cbor-gen v0.0.0-20200123233031-1cdf64d27158 // indirect
github.com/whyrusleeping/chunker v0.0.0-20181014151217-fe64bd25879f // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
go.uber.org/zap v1.16.0 // indirect
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
golang.org/x/exp v0.0.0-20210615023648-acb5c1269671 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220429233432-b5fbb4746d32 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/crypto v0.4.0 // indirect
golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/blake3 v1.1.7 // indirect
)
Loading

0 comments on commit 59050ea

Please sign in to comment.