undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fsck: correctly compute checksums on idx files larger than 4GB

Browse Source 
When checking the trailing checksum hash of a .idx file, we pass the
whole buffer (minus the trailing hash) into a single call to
the_hash_algo->update_fn(). But we cast it to an "unsigned int". This
comes from c4001d92be (Use off_t when we really mean a file offset.,
2007-03-06). That commit started storing the index_size variable as an
off_t, but our mozilla-sha1 implementation from the time was limited to
a smaller size. Presumably the cast was a way of annotating that we
expected .idx files to be small, and so we didn't need to loop (as we do
for arbitrarily-large .pack files). Though as an aside it was still
wrong, because the mozilla function actually took a signed int.

These days our hash-update functions are defined to take a size_t, so we
can pass the whole buffer in directly. The cast is actually causing a
buggy truncation!

While we're here, though, let's drop the confusing off_t variable in the
first place. We're getting the size not from the filesystem anyway, but
from p->index_size, which is a size_t. In fact, we can make the code a
bit more readable by dropping our local variable duplicating
p->index_size, and instead have one that stores the size of the actual
index data, minus the trailing hash.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King 2020-11-13 00:07:14 -05:00 committed by Junio C Hamano
parent a9bc372ef8
commit 33bbc59fed
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pack-check.c
View File

@ -164,7 +164,7 @@ static int verify_packfile(struct repository *r,
int verify_pack_index(struct packed_git *p)
{
off_t index_size;
size_t len;
const unsigned char *index_base;
git_hash_ctx ctx;
unsigned char hash[GIT_MAX_RAWSZ];
@ -172,14 +172,14 @@ int verify_pack_index(struct packed_git *p)
if (open_pack_index(p))
return error("packfile %s index not opened", p->pack_name);
index_size = p->index_size;
index_base = p->index_data;
len = p->index_size - the_hash_algo->rawsz;
/* Verify SHA1 sum of the index file */
the_hash_algo->init_fn(&ctx);
the_hash_algo->update_fn(&ctx, index_base, (unsigned int)(index_size - the_hash_algo->rawsz));
the_hash_algo->update_fn(&ctx, index_base, len);
the_hash_algo->final_fn(hash, &ctx);
if (!hasheq(hash, index_base + index_size - the_hash_algo->rawsz))
if (!hasheq(hash, index_base + len))
err = error("Packfile index for %s hash mismatch",
p->pack_name);
return err;