From 4b6db3c5ff674bf78e46144eae1bae78008a411f Mon Sep 17 00:00:00 2001
From: Runxi Yu <me@runxiyu.org>
Date: Sun, 14 Sep 2025 06:09:02 +0800
Subject: [PATCH] Size check for OID parsing

---
 git/oid.ha | 4 ++++

diff --git a/git/oid.ha b/git/oid.ha
index e8df1aaf5351d648c67cc72218ab8c93da58c00b..3b0448475938378e0d49fa04cecb24fc99034054 100644
--- a/git/oid.ha
+++ b/git/oid.ha
@@ -7,6 +7,10 @@ export type oid = [sha256::SZ]u8;
 
 // Parses a hex-encoded string representation of an [[oid]].
 export fn parse_oid(s: const str) (oid | nomem | errors::invalid) = {
+	if (len(s) != sha256::SZ * 2) {
+		return errors::invalid;
+	};
+
 	const d = hex::decodestr(s)?;
 	defer free(d);
 

-- 
2.48.1