summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Jonathan Nieder <jrnieder@gmail.com>2010-10-13 04:48:07 -0500
committerLibravatar Jonathan Nieder <jrnieder@gmail.com>2011-03-27 23:28:02 -0500
commit4c9b93ed7644a7a7c72bdd8105d88a9ebb8e3e74 (patch)
tree8f093101e2a800437287384876cef5335929eafc
parentvcs-svn: implement copyfrom_data delta instruction (diff)
downloadtgif-4c9b93ed7644a7a7c72bdd8105d88a9ebb8e3e74.tar.xz
vcs-svn: verify that deltas consume all inline data
By constraining the format of deltas, we can more easily detect corruption and other breakage. Requiring deltas not to provide unconsumed data also opens the possibility of ignoring the declared amount of novel data and simply streaming the data as needed to fulfill copyfrom_data requests. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Ramkumar Ramachandra <artagnon@gmail.com>
-rwxr-xr-xt/t9011-svn-da.sh5
-rw-r--r--vcs-svn/svndiff.c2
2 files changed, 4 insertions, 3 deletions
diff --git a/t/t9011-svn-da.sh b/t/t9011-svn-da.sh
index ba8ce052aa..72691b9379 100755
--- a/t/t9011-svn-da.sh
+++ b/t/t9011-svn-da.sh
@@ -121,11 +121,10 @@ test_expect_success 'preimage view: reject truncated preimage' '
test_must_fail test-svn-fe -d preimage clear.longread 9
'
-test_expect_success 'inline data' '
+test_expect_success 'forbid unconsumed inline data' '
printf "SVNQ%b%s%b%s" "QQQQ\003" "bar" "QQQQ\001" "x" |
q_to_nul >inline.clear &&
- test-svn-fe -d preimage inline.clear 18 >actual &&
- test_cmp empty actual
+ test_must_fail test-svn-fe -d preimage inline.clear 18 >actual
'
test_expect_success 'reject truncated inline data' '
diff --git a/vcs-svn/svndiff.c b/vcs-svn/svndiff.c
index ed1d4a08be..fb7dc22f92 100644
--- a/vcs-svn/svndiff.c
+++ b/vcs-svn/svndiff.c
@@ -208,6 +208,8 @@ static int apply_window_in_core(struct window *ctx)
)
if (execute_one_instruction(ctx, &instructions, &data_pos))
return -1;
+ if (data_pos != ctx->data.len)
+ return error("invalid delta: does not copy all inline data");
return 0;
}