[PATCH 5/9] make check_object() resilient to pack corruptions

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Nicolas Pitre <nico@cam.org>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: [PATCH 5/9] make check_object() resilient to pack corruptions
Date: Wed, 29 Oct 2008 19:02:48 -0400	[thread overview]
Message-ID: <1225321372-6570-6-git-send-email-nico@cam.org> (raw)
In-Reply-To: <1225321372-6570-5-git-send-email-nico@cam.org>

The check_object() function tries to get away with the least amount of
pack access possible when it already has partial information on given
object rather than calling the more costly packed_object_info().

When things don't look right, it should just give up and fall back to
packed_object_info() directly instead of die()'ing.

Signed-off-by: Nicolas Pitre <nico@cam.org>
---
 builtin-pack-objects.c |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/builtin-pack-objects.c b/builtin-pack-objects.c
index 9e249c9..b595d04 100644
--- a/builtin-pack-objects.c
+++ b/builtin-pack-objects.c
@@ -1005,6 +1005,8 @@ static void check_object(struct object_entry *entry)
 		used = unpack_object_header_buffer(buf, avail,
 						   &entry->in_pack_type,
 						   &entry->size);
+		if (used == 0)
+			goto give_up;
 
 		/*
 		 * Determine if this is a delta and if so whether we can
@@ -1016,6 +1018,8 @@ static void check_object(struct object_entry *entry)
 			/* Not a delta hence we've already got all we need. */
 			entry->type = entry->in_pack_type;
 			entry->in_pack_header_size = used;
+			if (entry->type < OBJ_COMMIT || entry->type > OBJ_BLOB)
+				goto give_up;
 			unuse_pack(&w_curs);
 			return;
 		case OBJ_REF_DELTA:
@@ -1032,16 +1036,20 @@ static void check_object(struct object_entry *entry)
 			ofs = c & 127;
 			while (c & 128) {
 				ofs += 1;
-				if (!ofs || MSB(ofs, 7))
-					die("delta base offset overflow in pack for %s",
-					    sha1_to_hex(entry->idx.sha1));
+				if (!ofs || MSB(ofs, 7)) {
+					error("delta base offset overflow in pack for %s",
+					      sha1_to_hex(entry->idx.sha1));
+					goto give_up;
+				}
 				c = buf[used_0++];
 				ofs = (ofs << 7) + (c & 127);
 			}
 			ofs = entry->in_pack_offset - ofs;
-			if (ofs <= 0 || ofs >= entry->in_pack_offset)
-				die("delta base offset out of bound for %s",
-				    sha1_to_hex(entry->idx.sha1));
+			if (ofs <= 0 || ofs >= entry->in_pack_offset) {
+				error("delta base offset out of bound for %s",
+				      sha1_to_hex(entry->idx.sha1));
+				goto give_up;
+			}
 			if (reuse_delta && !entry->preferred_base) {
 				struct revindex_entry *revidx;
 				revidx = find_pack_revindex(p, ofs);
@@ -1078,6 +1086,8 @@ static void check_object(struct object_entry *entry)
 			 */
 			entry->size = get_size_from_delta(p, &w_curs,
 					entry->in_pack_offset + entry->in_pack_header_size);
+			if (entry->size == 0)
+				goto give_up;
 			unuse_pack(&w_curs);
 			return;
 		}
@@ -1087,6 +1097,7 @@ static void check_object(struct object_entry *entry)
 		 * with sha1_object_info() to find about the object type
 		 * at this point...
 		 */
+		give_up:
 		unuse_pack(&w_curs);
 	}
 
-- 
1.6.0.3.757.g01be.dirty

next prev parent reply	other threads:[~2008-10-29 23:05 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-29 23:02 [PATCH 0/9] more robustness against pack corruptions Nicolas Pitre
2008-10-29 23:02 ` [PATCH 1/9] close another possibility for propagating pack corruption Nicolas Pitre
2008-10-29 23:02   ` [PATCH 2/9] better validation on delta base object offsets Nicolas Pitre
2008-10-29 23:02     ` [PATCH 3/9] make unpack_object_header() non fatal Nicolas Pitre
2008-10-29 23:02       ` [PATCH 4/9] make packed_object_info() resilient to pack corruptions Nicolas Pitre
2008-10-29 23:02         ` Nicolas Pitre [this message]
2008-10-29 23:02           ` [PATCH 6/9] make find_pack_revindex() aware of the nasty world Nicolas Pitre
2008-10-29 23:02             ` [PATCH 7/9] pack-objects: allow "fixing" a corrupted pack without a full repack Nicolas Pitre
2008-10-29 23:02               ` [PATCH 8/9] extend test coverage for latest pack corruption resilience improvements Nicolas Pitre
2008-10-29 23:02                 ` [PATCH 9/9] pack-objects: don't leak pack window reference when splitting packs Nicolas Pitre
2008-10-31  8:46   ` [PATCH 1/9] close another possibility for propagating pack corruption Junio C Hamano
2008-10-31 15:31     ` Nicolas Pitre

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9e249c9 dfblob:b595d04 )
 OR (
bs:"[PATCH 5/9] make check_object() resilient to pack corruptions" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1225321372-6570-6-git-send-email-nico@cam.org \
    --to=nico@cam.org \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).