Google Git
Sign in
googlers / jrn / git / b3118bdc91876cbc04b7e81dcf7bea71d86ce4f8
commitb3118bdc91876cbc04b7e81dcf7bea71d86ce4f8[log] [tgz]
authorShawn O. Pearce <spearce@spearce.org>Wed Oct 14 07:23:51 2009 -0700
committerJunio C Hamano <gitster@pobox.com>Wed Oct 14 13:39:37 2009 -0700
treeaa1b183bcec0f4057addaad2ad5f437e13540622
parent583371af1f88e9cd48fedbb6bbb147d8091fd591 [diff]
sha1_file: Fix infinite loop when pack is corrupted

Some types of corruption to a pack may confuse the deflate stream
which stores an object.  In Andy's reported case a 36 byte region
of the pack was overwritten, leading to what appeared to be a valid
deflate stream that was trying to produce a result larger than our
allocated output buffer could accept.

Z_BUF_ERROR is returned from inflate() if either the input buffer
needs more input bytes, or the output buffer has run out of space.
Previously we only considered the former case, as it meant we needed
to move the stream's input buffer to the next window in the pack.

We now abort the loop if inflate() returns Z_BUF_ERROR without
consuming the entire input buffer it was given, or has filled
the entire output buffer but has not yet returned Z_STREAM_END.
Either state is a clear indicator that this loop is not working
as expected, and should not continue.

This problem cannot occur with loose objects as we open the entire
loose object as a single buffer and treat Z_BUF_ERROR as an error.

Reported-by: Andy Isaacson <adi@hexapodia.org>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2 files changed
tree: aa1b183bcec0f4057addaad2ad5f437e13540622
  1. block-sha1/
  2. compat/
  3. contrib/
  4. Documentation/
  5. git-gui/
  6. gitk-git/
  7. gitweb/
  8. perl/
  9. ppc/
  10. t/
  11. templates/
  12. xdiff/
  13. RelNotesDocumentation/RelNotes-1.6.5.txt
  14. .gitattributes
  15. .gitignore
  16. .mailmap
  17. abspath.c
  18. advice.c
  19. advice.h
  20. alias.c
  21. alloc.c
  22. archive-tar.c
  23. archive-zip.c
  24. archive.c
  25. archive.h
  26. attr.c
  27. attr.h
  28. base85.c
  29. bisect.c
  30. bisect.h
  31. blob.c
  32. blob.h
  33. branch.c
  34. branch.h
  35. builtin-add.c
  36. builtin-annotate.c
  37. builtin-apply.c
  38. builtin-archive.c
  39. builtin-bisect--helper.c
  40. builtin-blame.c
  41. builtin-branch.c
  42. builtin-bundle.c
  43. builtin-cat-file.c
  44. builtin-check-attr.c
  45. builtin-check-ref-format.c
  46. builtin-checkout-index.c
  47. builtin-checkout.c
  48. builtin-clean.c
  49. builtin-clone.c
  50. builtin-commit-tree.c
  51. builtin-commit.c
  52. builtin-config.c
  53. builtin-count-objects.c
  54. builtin-describe.c
  55. builtin-diff-files.c
  56. builtin-diff-index.c
  57. builtin-diff-tree.c
  58. builtin-diff.c
  59. builtin-fast-export.c
  60. builtin-fetch--tool.c
  61. builtin-fetch-pack.c
  62. builtin-fetch.c
  63. builtin-fmt-merge-msg.c
  64. builtin-for-each-ref.c
  65. builtin-fsck.c
  66. builtin-gc.c
  67. builtin-grep.c
  68. builtin-help.c
  69. builtin-init-db.c
  70. builtin-log.c
  71. builtin-ls-files.c
  72. builtin-ls-remote.c
  73. builtin-ls-tree.c
  74. builtin-mailinfo.c
  75. builtin-mailsplit.c
  76. builtin-merge-base.c
  77. builtin-merge-file.c
  78. builtin-merge-ours.c
  79. builtin-merge-recursive.c
  80. builtin-merge.c
  81. builtin-mktree.c
  82. builtin-mv.c
  83. builtin-name-rev.c
  84. builtin-pack-objects.c
  85. builtin-pack-refs.c
  86. builtin-prune-packed.c
  87. builtin-prune.c
  88. builtin-push.c
  89. builtin-read-tree.c
  90. builtin-receive-pack.c
  91. builtin-reflog.c
  92. builtin-remote.c
  93. builtin-replace.c
  94. builtin-rerere.c
  95. builtin-reset.c
  96. builtin-rev-list.c
  97. builtin-rev-parse.c
  98. builtin-revert.c
  99. builtin-rm.c
  100. builtin-send-pack.c
  101. builtin-shortlog.c
  102. builtin-show-branch.c
  103. builtin-show-ref.c
  104. builtin-stripspace.c
  105. builtin-symbolic-ref.c
  106. builtin-tag.c
  107. builtin-tar-tree.c
  108. builtin-unpack-objects.c
  109. builtin-update-index.c
  110. builtin-update-ref.c
  111. builtin-update-server-info.c
  112. builtin-upload-archive.c
  113. builtin-verify-pack.c
  114. builtin-verify-tag.c
  115. builtin-write-tree.c
  116. builtin.h
  117. bundle.c
  118. bundle.h
  119. cache-tree.c
  120. cache-tree.h
  121. cache.h
  122. check-builtins.sh
  123. check-racy.c
  124. check_bindir
  125. color.c
  126. color.h
  127. combine-diff.c
  128. command-list.txt
  129. commit.c
  130. commit.h
  131. config.c
  132. config.mak.in
  133. configure.ac
  134. connect.c
  135. convert.c
  136. copy.c
  137. COPYING
  138. csum-file.c
  139. csum-file.h
  140. ctype.c
  141. daemon.c
  142. date.c
  143. decorate.c
  144. decorate.h
  145. delta.h
  146. diff-delta.c
  147. diff-lib.c
  148. diff-no-index.c
  149. diff.c
  150. diff.h
  151. diffcore-break.c
  152. diffcore-delta.c
  153. diffcore-order.c
  154. diffcore-pickaxe.c
  155. diffcore-rename.c
  156. diffcore.h
  157. dir.c
  158. dir.h
  159. editor.c
  160. entry.c
  161. environment.c
  162. exec_cmd.c
  163. exec_cmd.h
  164. fast-import.c
  165. fetch-pack.h
  166. fixup-builtins
  167. fsck.c
  168. fsck.h
  169. generate-cmdlist.sh
  170. git-add--interactive.perl
  171. git-am.sh
  172. git-archimport.perl
  173. git-bisect.sh
  174. git-compat-util.h
  175. git-cvsexportcommit.perl
  176. git-cvsimport.perl
  177. git-cvsserver.perl
  178. git-difftool--helper.sh
  179. git-difftool.perl
  180. git-filter-branch.sh
  181. git-instaweb.sh
  182. git-lost-found.sh
  183. git-merge-octopus.sh
  184. git-merge-one-file.sh
  185. git-merge-resolve.sh
  186. git-mergetool--lib.sh
  187. git-mergetool.sh
  188. git-parse-remote.sh
  189. git-pull.sh
  190. git-quiltimport.sh
  191. git-rebase--interactive.sh
  192. git-rebase.sh
  193. git-relink.perl
  194. git-repack.sh
  195. git-request-pull.sh
  196. git-send-email.perl
  197. git-sh-setup.sh
  198. git-stash.sh
  199. git-submodule.sh
  200. git-svn.perl
  201. GIT-VERSION-GEN
  202. git-web--browse.sh
  203. git.c
  204. git.spec.in
  205. graph.c
  206. graph.h
  207. grep.c
  208. grep.h
  209. hash-object.c
  210. hash.c
  211. hash.h
  212. help.c
  213. help.h
  214. http-fetch.c
  215. http-push.c
  216. http-walker.c
  217. http.c
  218. http.h
  219. ident.c
  220. imap-send.c
  221. index-pack.c
  222. INSTALL
  223. levenshtein.c
  224. levenshtein.h
  225. list-objects.c
  226. list-objects.h
  227. ll-merge.c
  228. ll-merge.h
  229. lockfile.c
  230. log-tree.c
  231. log-tree.h
  232. mailmap.c
  233. mailmap.h
  234. Makefile
  235. match-trees.c
  236. merge-file.c
  237. merge-index.c
  238. merge-recursive.c
  239. merge-recursive.h
  240. merge-tree.c
  241. mktag.c
  242. name-hash.c
  243. object.c
  244. object.h
  245. pack-check.c
  246. pack-redundant.c
  247. pack-refs.c
  248. pack-refs.h
  249. pack-revindex.c
  250. pack-revindex.h
  251. pack-write.c
  252. pack.h
  253. pager.c
  254. parse-options.c
  255. parse-options.h
  256. patch-delta.c
  257. patch-id.c
  258. patch-ids.c
  259. patch-ids.h
  260. path.c
  261. pkt-line.c
  262. pkt-line.h
  263. preload-index.c
  264. pretty.c
  265. progress.c
  266. progress.h
  267. quote.c
  268. quote.h
  269. reachable.c
  270. reachable.h
  271. read-cache.c
  272. README
  273. reflog-walk.c
  274. reflog-walk.h
  275. refs.c
  276. refs.h
  277. remote-curl.c
  278. remote.c
  279. remote.h
  280. replace_object.c
  281. rerere.c
  282. rerere.h
  283. revision.c
  284. revision.h
  285. run-command.c
  286. run-command.h
  287. send-pack.h
  288. server-info.c
  289. setup.c
  290. sha1-lookup.c
  291. sha1-lookup.h
  292. sha1_file.c
  293. sha1_name.c
  294. shallow.c
  295. shell.c
  296. shortlog.h
  297. show-index.c
  298. sideband.c
  299. sideband.h
  300. sigchain.c
  301. sigchain.h
  302. strbuf.c
  303. strbuf.h
  304. string-list.c
  305. string-list.h
  306. symlinks.c
  307. tag.c
  308. tag.h
  309. tar.h
  310. test-chmtime.c
  311. test-ctype.c
  312. test-date.c
  313. test-delta.c
  314. test-dump-cache-tree.c
  315. test-genrandom.c
  316. test-match-trees.c
  317. test-parse-options.c
  318. test-path-utils.c
  319. test-sha1.c
  320. test-sha1.sh
  321. test-sigchain.c
  322. thread-utils.c
  323. thread-utils.h
  324. trace.c
  325. transport-helper.c
  326. transport.c
  327. transport.h
  328. tree-diff.c
  329. tree-walk.c
  330. tree-walk.h
  331. tree.c
  332. tree.h
  333. unimplemented.sh
  334. unpack-file.c
  335. unpack-trees.c
  336. unpack-trees.h
  337. upload-pack.c
  338. usage.c
  339. userdiff.c
  340. userdiff.h
  341. utf8.c
  342. utf8.h
  343. var.c
  344. walker.c
  345. walker.h
  346. wrapper.c
  347. write_or_die.c
  348. ws.c
  349. wt-status.c
  350. wt-status.h
  351. xdiff-interface.c
  352. xdiff-interface.h