From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.4 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FSL_HELO_FAKE,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 560F4C282DD for ; Fri, 10 Jan 2020 23:07:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 25E1F20721 for ; Fri, 10 Jan 2020 23:07:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="nzmaeFoY" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727454AbgAJXHM (ORCPT ); Fri, 10 Jan 2020 18:07:12 -0500 Received: from mail-pg1-f196.google.com ([209.85.215.196]:39058 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727442AbgAJXHM (ORCPT ); Fri, 10 Jan 2020 18:07:12 -0500 Received: by mail-pg1-f196.google.com with SMTP id b137so1676450pga.6 for ; Fri, 10 Jan 2020 15:07:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=1gKGAapxGk5LUB9krsgEUnBzw6jSJ1MbKVQX9HM/JLI=; b=nzmaeFoY9NnyE/gtRkQt4paP8w1NORUCEHFXLGwoWUTQok1TsOEq0C4GOV6+062Zge 80/qZToTAgXG2v6rA431c4aQwwsvxxYWNXqGWw60zdz4iTl9H5gJj7wexe2/hjTZnv12 n36nSZGEnmn/kWuqq82HWaWUij7QQ2+CBInWQfabs6wivCvdrKYfIE1QMlLZ5XNIyVr+ F60iLP3maSn0WbrpO1905SK8yaipYN6QRR5y1m3eB1t+a1WO1YKhnEQ/htGCCqjMyw4I ZfNPmwOQA3o/rehkb/FxXAIkYy8pAgl9rY8O755IGhOQFu6hDP3Vb9nI3TmLs+x3vrg7 pVng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=1gKGAapxGk5LUB9krsgEUnBzw6jSJ1MbKVQX9HM/JLI=; b=JAEWvxspgox7TULAbafnckXikCHXjFFKyi0KG+EfuSjdm0xbIkgI2PPc/ojOQOHiVw Q09t2p0fP3XFdBK6n9yQbxBVmjHwr3kNDeYpZA3JMgpUjvVW3jHIJqlY+A4+Erj0JPSH XcIE2UZXAA3GNFXO4uzf6Tr+Rm4IWviWkjFPt2YEjhh6eX3zrlKvXosNkhXMvG8g0Pel Zcgrwh3LwuwK+4FjN2Pj/cOPor7TGIismOViqZ/mJn7X+rvOYanptUDXxh1Ncp2lbJEW EiyWJwzozVghcDBg3Uum/gvLVlF3wiiIZiotxfBPngtt0cNujbXpEC8K8Tzjl0tUCZo3 KqEA== X-Gm-Message-State: APjAAAV7E49bm698BZDJwlrcuSKn8Ks5kCeQ62lKVSxnV691gRL8RDrq T1ackIShnPd27z+8AGgDX54BKg== X-Google-Smtp-Source: APXvYqxD0vyqkW4YhYmvg2WpNmZiZUe/SlYyV7u2BnA4EouBFY4dROihEJA8NmAOB7oTm8cXcEfj4Q== X-Received: by 2002:a63:584:: with SMTP id 126mr7242339pgf.100.1578697631437; Fri, 10 Jan 2020 15:07:11 -0800 (PST) Received: from google.com ([2620:15c:2ce:0:231c:11cc:aa0a:6dc5]) by smtp.gmail.com with ESMTPSA id d22sm3884941pgg.52.2020.01.10.15.07.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Jan 2020 15:07:10 -0800 (PST) Date: Fri, 10 Jan 2020 15:07:06 -0800 From: Emily Shaffer To: Jeff King Cc: Junio C Hamano , git@vger.kernel.org Subject: Re: [RFC PATCH] unpack-trees: watch for out-of-range index position Message-ID: <20200110230706.GH181522@google.com> References: <20200108023127.219429-1-emilyshaffer@google.com> <20200108071525.GB1675456@coredump.intra.peff.net> <20200108193833.GD181522@google.com> <20200109075250.GA3978837@coredump.intra.peff.net> <20200109224641.GF181522@google.com> <20200110063741.GA409153@coredump.intra.peff.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200110063741.GA409153@coredump.intra.peff.net> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org On Fri, Jan 10, 2020 at 01:37:41AM -0500, Jeff King wrote: > On Thu, Jan 09, 2020 at 02:46:41PM -0800, Emily Shaffer wrote: > > > > Perhaps. The integrity check only protects against an index that was > > > modified after the fact, not one that was generated by a buggy Git. I'm > > > not sure we know how the index that led to this patch got into this > > > state (though it sounds like Emily has a copy and could check the hash > > > on it), but other cache-tree segfault I found recently was with an index > > > with an intact integrity hash. > > > > Yeah, I can do that, although I'm not sure how. The index itself is very > > small - it only contains one file and one tree extension - so I'll go > > ahead and paste some poking and prodding, and if it's not what you > > wanted then please let me know what else to run. > > I was thinking you would run something like: > > size=$(stat --format=%s "$file") > actual=$(head -c $(($size-20)) "$file" | sha1sum | awk '{print $1}') > expect=$(xxd -s -20 -g 20 -c 20 "$file" | awk '{print $2}') > if test "$actual" = "$expect"; then > echo "OK ($actual)" > else > echo "FAIL ($actual != $expect)" > fi > > to manually check the sha1. Unsurprising given your mail, yeah, this looks OK when I run it against the repo in question. > So this bogus index was probably actually created by Git, not an > after-the-fact byte corruption. Disappointingly, the repro repo we got was aggressively redacted - I don't have any reflogs to look through and try and get a hint of what happened, and I imagine the reporter has moved on with their life enough that we can't get something useful from there now. - Emily