[PATCH 4/9] make packed_object_info() resilient to pack corruptions

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Nicolas Pitre <nico@cam.org>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: [PATCH 4/9] make packed_object_info() resilient to pack corruptions
Date: Wed, 29 Oct 2008 19:02:47 -0400	[thread overview]
Message-ID: <1225321372-6570-5-git-send-email-nico@cam.org> (raw)
In-Reply-To: <1225321372-6570-4-git-send-email-nico@cam.org>

In the same spirit as commit 8eca0b47ff, let's try to survive a pack
corruption by making packed_object_info() able to fall back to alternate
packs or loose objects.

Signed-off-by: Nicolas Pitre <nico@cam.org>
---
 sha1_file.c |   36 ++++++++++++++++++++++++++++++------
 1 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/sha1_file.c b/sha1_file.c
index 7698177..384a430 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1314,8 +1314,10 @@ unsigned long get_size_from_delta(struct packed_git *p,
 	} while ((st == Z_OK || st == Z_BUF_ERROR) &&
 		 stream.total_out < sizeof(delta_head));
 	inflateEnd(&stream);
-	if ((st != Z_STREAM_END) && stream.total_out != sizeof(delta_head))
-		die("delta data unpack-initial failed");
+	if ((st != Z_STREAM_END) && stream.total_out != sizeof(delta_head)) {
+		error("delta data unpack-initial failed");
+		return 0;
+	}
 
 	/* Examine the initial part of the delta to figure out
 	 * the result size.
@@ -1382,15 +1384,29 @@ static int packed_delta_info(struct packed_git *p,
 	off_t base_offset;
 
 	base_offset = get_delta_base(p, w_curs, &curpos, type, obj_offset);
+	if (!base_offset)
+		return OBJ_BAD;
 	type = packed_object_info(p, base_offset, NULL);
+	if (type <= OBJ_NONE) {
+		struct revindex_entry *revidx = find_pack_revindex(p, base_offset);
+		const unsigned char *base_sha1 =
+					nth_packed_object_sha1(p, revidx->nr);
+		mark_bad_packed_object(p, base_sha1);
+		type = sha1_object_info(base_sha1, NULL);
+		if (type <= OBJ_NONE)
+			return OBJ_BAD;
+	}
 
 	/* We choose to only get the type of the base object and
 	 * ignore potentially corrupt pack file that expects the delta
 	 * based on a base with a wrong size.  This saves tons of
 	 * inflate() calls.
 	 */
-	if (sizep)
+	if (sizep) {
 		*sizep = get_size_from_delta(p, w_curs, curpos);
+		if (*sizep == 0)
+			type = OBJ_BAD;
+	}
 
 	return type;
 }
@@ -1500,8 +1516,9 @@ static int packed_object_info(struct packed_git *p, off_t obj_offset,
 			*sizep = size;
 		break;
 	default:
-		die("pack %s contains unknown object type %d",
-		    p->pack_name, type);
+		error("unknown object type %i at offset %"PRIuMAX" in %s",
+		      type, (uintmax_t)obj_offset, p->pack_name);
+		type = OBJ_BAD;
 	}
 	unuse_pack(&w_curs);
 	return type;
@@ -1971,7 +1988,14 @@ int sha1_object_info(const unsigned char *sha1, unsigned long *sizep)
 		if (!find_pack_entry(sha1, &e, NULL))
 			return status;
 	}
-	return packed_object_info(e.p, e.offset, sizep);
+
+	status = packed_object_info(e.p, e.offset, sizep);
+	if (status < 0) {
+		mark_bad_packed_object(e.p, sha1);
+		status = sha1_object_info(sha1, sizep);
+	}
+
+	return status;
 }
 
 static void *read_packed_sha1(const unsigned char *sha1,
-- 
1.6.0.3.757.g01be.dirty

next prev parent reply	other threads:[~2008-10-29 23:05 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-29 23:02 [PATCH 0/9] more robustness against pack corruptions Nicolas Pitre
2008-10-29 23:02 ` [PATCH 1/9] close another possibility for propagating pack corruption Nicolas Pitre
2008-10-29 23:02   ` [PATCH 2/9] better validation on delta base object offsets Nicolas Pitre
2008-10-29 23:02     ` [PATCH 3/9] make unpack_object_header() non fatal Nicolas Pitre
2008-10-29 23:02       ` Nicolas Pitre [this message]
2008-10-29 23:02         ` [PATCH 5/9] make check_object() resilient to pack corruptions Nicolas Pitre
2008-10-29 23:02           ` [PATCH 6/9] make find_pack_revindex() aware of the nasty world Nicolas Pitre
2008-10-29 23:02             ` [PATCH 7/9] pack-objects: allow "fixing" a corrupted pack without a full repack Nicolas Pitre
2008-10-29 23:02               ` [PATCH 8/9] extend test coverage for latest pack corruption resilience improvements Nicolas Pitre
2008-10-29 23:02                 ` [PATCH 9/9] pack-objects: don't leak pack window reference when splitting packs Nicolas Pitre
2008-10-31  8:46   ` [PATCH 1/9] close another possibility for propagating pack corruption Junio C Hamano
2008-10-31 15:31     ` Nicolas Pitre

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7698177 dfblob:384a430 )
 OR (
bs:"[PATCH 4/9] make packed_object_info() resilient to pack corruptions" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1225321372-6570-5-git-send-email-nico@cam.org \
    --to=nico@cam.org \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).