From: Junio C Hamano <gitster@pobox.com>
To: Taylor Blau <me@ttaylorr.com>
Cc: git@vger.kernel.org, Jeff King <peff@peff.net>
Subject: Re: [PATCH 1/7] chunk-format: introduce `pair_chunk_expect()` helper
Date: Fri, 10 Nov 2023 13:55:48 +0900 [thread overview]
Message-ID: <xmqqedgyw6jv.fsf@gitster.g> (raw)
In-Reply-To: <af5fe3b7237caeba8f970e967933db96c83a230e.1699569246.git.me@ttaylorr.com> (Taylor Blau's message of "Thu, 9 Nov 2023 17:34:11 -0500")
Taylor Blau <me@ttaylorr.com> writes:
> +static int pair_chunk_expect_fn(const unsigned char *chunk_start,
> + size_t chunk_size,
> + void *data)
> +{
> + struct pair_chunk_data *pcd = data;
> + if (chunk_size / pcd->record_size != pcd->record_nr)
> + return -1;
> + *pcd->p = chunk_start;
> + return 0;
> +}
I know one of the original places did the "divide the whole by
per-record size and see if it matches the number of records", the
same as we see above, but the check in the above could also be
if (chunk_size != st_mult(pcd->record_size, pcd->record_nr))
return -1;
which would also catch the case where chunk_size is not a multiple
of the record size. Your conversion of OOFF in midx.c loses this
protection as the original uses the multiplication-and-compare, but
the rewrite to call pair_chunk_expect would call the above and
checks with the truncating-divide-and-compare.
Does the distinction matter? I dunno. If the record/chunk
alignment is asserted elsewhere, then the distinction should not
matter, but even if it were, seeing a truncating division used in
any validation makes my skin tingle.
Other than that, the series was a pleasant read.
Thanks.
next prev parent reply other threads:[~2023-11-10 6:13 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-09 7:03 [PATCH 0/9] some more chunk-file bounds-checks fixes Jeff King
2023-11-09 7:09 ` [PATCH 1/9] commit-graph: handle overflow in chunk_size checks Jeff King
2023-11-09 21:13 ` Taylor Blau
2023-11-09 21:27 ` Jeff King
2023-11-09 7:12 ` [PATCH 2/9] midx: check consistency of fanout table Jeff King
2023-11-09 7:13 ` [PATCH 3/9] commit-graph: drop redundant call to "lite" verification Jeff King
2023-11-09 7:14 ` [PATCH 4/9] commit-graph: clarify missing-chunk error messages Jeff King
2023-11-09 7:17 ` [PATCH 5/9] commit-graph: abort as soon as we see a bogus chunk Jeff King
2023-11-09 21:18 ` Taylor Blau
2023-11-09 7:24 ` [PATCH 6/9] commit-graph: use fanout value for graph size Jeff King
2023-11-09 21:20 ` Taylor Blau
2023-11-09 21:38 ` Jeff King
2023-11-09 22:15 ` Taylor Blau
2023-11-10 21:52 ` Jeff King
2023-11-09 7:25 ` [PATCH 7/9] commit-graph: check order while reading fanout chunk Jeff King
2023-11-09 7:25 ` [PATCH 8/9] commit-graph: drop verify_commit_graph_lite() Jeff King
2023-11-09 7:26 ` [PATCH 9/9] commit-graph: mark chunk error messages for translation Jeff King
2023-11-09 21:22 ` [PATCH 0/9] some more chunk-file bounds-checks fixes Taylor Blau
2023-11-09 22:34 ` [PATCH 0/7] chunk-format: introduce `pair_chunk_expect()` Taylor Blau
2023-11-09 22:34 ` [PATCH 1/7] chunk-format: introduce `pair_chunk_expect()` helper Taylor Blau
2023-11-10 4:55 ` Junio C Hamano [this message]
2023-11-10 16:27 ` Taylor Blau
2023-11-10 22:01 ` Jeff King
2023-11-10 23:39 ` Junio C Hamano
2023-11-10 23:38 ` Junio C Hamano
2023-11-10 21:57 ` Jeff King
2023-11-10 22:09 ` Jeff King
2023-11-10 22:08 ` Jeff King
2024-01-15 22:31 ` Linus Arver
2024-01-15 22:53 ` Linus Arver
2024-01-16 15:10 ` Jeff King
2024-01-18 23:59 ` Linus Arver
2023-11-09 22:34 ` [PATCH 2/7] commit-graph: read `OIDL` chunk with `pair_chunk_expect()` Taylor Blau
2023-11-10 22:10 ` Jeff King
2023-11-09 22:34 ` [PATCH 3/7] commit-graph: read `CDAT` " Taylor Blau
2023-11-09 22:34 ` [PATCH 4/7] commit-graph: read `GDAT` " Taylor Blau
2023-11-09 22:34 ` [PATCH 5/7] commit-graph: read `BIDX` " Taylor Blau
2023-11-09 22:34 ` [PATCH 6/7] midx: read `OIDL` " Taylor Blau
2023-11-09 22:34 ` [PATCH 7/7] midx: read `OOFF` " Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqedgyw6jv.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=me@ttaylorr.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.