diff options
| author | Jeff King <peff@peff.net> | 2014-10-29 13:11:58 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-10-30 11:17:51 -0700 |
| commit | 729dbbd9fc715fac1fc7cd8b603f0a7d625f2dfc (patch) | |
| tree | 6480e3fa0705bc6cc0cd25c30a22f0d00df52c8e | |
| parent | 49c3e926349e964b311b46251bb2b97d3d669855 (diff) | |
| download | git-jk/cache-tree-protect-from-broken-libgit2.tar.gz | |
cache-tree: avoid infinite loop on zero-entry treejk/cache-tree-protect-from-broken-libgit2
The loop in cache-tree's update_one iterates over all the
entries in the index. For each one, we find the cache-tree
subtree which represents our path (creating it if
necessary), and then recurse into update_one again. The
return value we get is the number of index entries that
belonged in that subtree. So for example, with entries:
a/one
a/two
b/one
We start by processing the first entry, "a/one". We would
find the subtree for "a" and recurse into update_one. That
would then handle "a/one" and "a/two", and return the value
2. The parent function then skips past the 2 handled
entries, and we continue by processing "b/one".
If the recursed-into update_one ever returns 0, then we make
no forward progress in our loop. We would process "a/one"
over and over, infinitely.
This should not happen normally. Any subtree we create must
have at least one path in it (the one that we are
processing!). However, we may also reuse a cache-tree entry
we found in the on-disk index. For the same reason, this
should also never have zero entries. However, certain buggy
versions of libgit2 could produce such bogus cache-tree
records. The libgit2 bug has since been fixed, but it does
not hurt to protect ourselves against bogus input coming
from the on-disk data structures.
Note that this is not a die("BUG") or assert, because it is
not an internal bug, but rather a corrupted on-disk
structure. It's possible that we could even recover from it
(by throwing out the bogus cache-tree entry), but it is not
worth the effort; the important thing is that we report an
error instead of looping infinitely.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | cache-tree.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/cache-tree.c b/cache-tree.c index c53f7de2b1..648e187491 100644 --- a/cache-tree.c +++ b/cache-tree.c @@ -299,6 +299,8 @@ static int update_one(struct cache_tree *it, flags); if (subcnt < 0) return subcnt; + if (!subcnt) + die("index cache-tree records empty sub-tree"); i += subcnt; sub->count = subcnt; /* to be used in the next loop */ *skip_count += subskip; |