diff options
author | Jeff King <peff@peff.net> | 2016-09-21 23:49:05 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-09-22 11:18:13 -0700 |
commit | a9445d859e810cc193c1cdcb15fa684a5e9b7560 (patch) | |
tree | d7a8e694d93a243a46272a4201d96dc4914cf4af | |
parent | Git 2.8.4 (diff) | |
download | tgif-a9445d859e810cc193c1cdcb15fa684a5e9b7560.tar.xz |
verify_packfile: check pack validity before accessing data
The verify_packfile() does not explicitly open the packfile;
instead, it starts with a sha1 checksum over the whole pack,
and relies on use_pack() to open the packfile as a side
effect.
If the pack cannot be opened for whatever reason (either
because its header information is corrupted, or perhaps
because a simultaneous repack deleted it), then use_pack()
will die(), as it has no way to return an error. This is not
ideal, as verify_packfile() otherwise tries to gently return
an error (this lets programs like git-fsck go on to check
other packs).
Instead, let's check is_pack_valid() up front, and return an
error if it fails. This will open the pack as a side effect,
and then use_pack() will later rely on our cached
descriptor, and avoid calling die().
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | pack-check.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/pack-check.c b/pack-check.c index 1da89a41ce..5af987c09b 100644 --- a/pack-check.c +++ b/pack-check.c @@ -57,11 +57,8 @@ static int verify_packfile(struct packed_git *p, int err = 0; struct idx_entry *entries; - /* Note that the pack header checks are actually performed by - * use_pack when it first opens the pack file. If anything - * goes wrong during those checks then the call will die out - * immediately. - */ + if (!is_pack_valid(p)) + return error("packfile %s cannot be accessed", p->pack_name); git_SHA1_Init(&ctx); do { |