[v3,02/24] pack-bitmap: fix header size check

Message ID	b455b248e4e12d50a7fd1ef2cac34af7f6c53bed.1607385833.git.me@ttaylorr.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <git-owner@kernel.org> Date: Mon, 7 Dec 2020 19:04:17 -0500 From: Taylor Blau <me@ttaylorr.com> To: git@vger.kernel.org Cc: peff@peff.net, jonathantanmy@google.com, dstolee@microsoft.com, gitster@pobox.com Subject: [PATCH v3 02/24] pack-bitmap: fix header size check Message-ID: <b455b248e4e12d50a7fd1ef2cac34af7f6c53bed.1607385833.git.me@ttaylorr.com> References: <cover.1605123652.git.me@ttaylorr.com> <cover.1607385833.git.me@ttaylorr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <cover.1607385833.git.me@ttaylorr.com> Precedence: bulk
Series	pack-bitmap: bitmap generation improvements \| expand [v3,00/24] pack-bitmap: bitmap generation improvements [v3,01/24] ewah/ewah_bitmap.c: avoid open-coding ALLOC_GROW() [v3,02/24] pack-bitmap: fix header size check [v3,03/24] pack-bitmap: bounds-check size of cache extension [v3,04/24] t5310: drop size of truncated ewah bitmap [v3,05/24] rev-list: die when --test-bitmap detects a mismatch [v3,06/24] ewah: factor out bitmap growth [v3,07/24] ewah: make bitmap growth less aggressive [v3,08/24] ewah: implement bitmap_or() [v3,09/24] ewah: add bitmap_dup() function [v3,10/24] pack-bitmap-write: reimplement bitmap writing [v3,11/24] pack-bitmap-write: pass ownership of intermediate bitmaps [v3,12/24] pack-bitmap-write: fill bitmap with commit history [v3,13/24] bitmap: implement bitmap_is_subset() [v3,14/24] commit: implement commit_list_contains() [v3,15/24] t5310: add branch-based checks [v3,16/24] pack-bitmap-write: rename children to reverse_edges [v3,17/24] pack-bitmap.c: check reads more aggressively when loading [v3,18/24] pack-bitmap-write: build fewer intermediate bitmaps [v3,19/24] pack-bitmap-write: ignore BITMAP_FLAG_REUSE [v3,20/24] pack-bitmap: factor out 'bitmap_for_commit()' [v3,21/24] pack-bitmap: factor out 'add_commit_to_bitmap()' [v3,22/24] pack-bitmap-write: use existing bitmaps [v3,23/24] pack-bitmap-write: relax unique rewalk condition [v3,24/24] pack-bitmap-write: better reuse bitmaps

Message ID

b455b248e4e12d50a7fd1ef2cac34af7f6c53bed.1607385833.git.me@ttaylorr.com (mailing list archive)

State

Superseded

Headers

Date: Mon, 7 Dec 2020 19:04:17 -0500
From: Taylor Blau <me@ttaylorr.com>
To: git@vger.kernel.org
Cc: peff@peff.net, jonathantanmy@google.com, dstolee@microsoft.com,
        gitster@pobox.com
Subject: [PATCH v3 02/24] pack-bitmap: fix header size check
Message-ID: 
 <b455b248e4e12d50a7fd1ef2cac34af7f6c53bed.1607385833.git.me@ttaylorr.com>
References: <cover.1605123652.git.me@ttaylorr.com>
 <cover.1607385833.git.me@ttaylorr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <cover.1607385833.git.me@ttaylorr.com>
Precedence: bulk

Series

pack-bitmap: bitmap generation improvements | expand

Commit Message

Taylor Blau Dec. 8, 2020, 12:04 a.m. UTC

From: Jeff King <peff@peff.net>

When we parse a .bitmap header, we first check that we have enough bytes
to make a valid header. We do that based on sizeof(struct
bitmap_disk_header). However, as of 0f4d6cada8 (pack-bitmap: make bitmap
header handling hash agnostic, 2019-02-19), that struct oversizes its
checksum member to GIT_MAX_RAWSZ. That means we need to adjust for the
difference between that constant and the size of the actual hash we're
using. That commit adjusted the code which moves our pointer forward,
but forgot to update the size check.

This meant we were overly strict about the header size (requiring room
for a 32-byte worst-case hash, when sha1 is only 20 bytes). But in
practice it didn't matter because bitmap files tend to have at least 12
bytes of actual data anyway, so it was unlikely for a valid file to be
caught by this.

Let's fix it by pulling the header size into a separate variable and
using it in both spots. That fixes the bug and simplifies the code to make
it harder to have a mismatch like this in the future. It will also come
in handy in the next patch for more bounds checking.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 pack-bitmap.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pack-bitmap.c b/pack-bitmap.c
index 4077e731e8..fe5647e72e 100644
--- a/pack-bitmap.c
+++ b/pack-bitmap.c
@@ -138,9 +138,10 @@  static struct ewah_bitmap *read_bitmap_1(struct bitmap_index *index)
 static int load_bitmap_header(struct bitmap_index *index)
 {
 	struct bitmap_disk_header *header = (void *)index->map;
+	size_t header_size = sizeof(*header) - GIT_MAX_RAWSZ + the_hash_algo->rawsz;
 
-	if (index->map_size < sizeof(*header) + the_hash_algo->rawsz)
-		return error("Corrupted bitmap index (missing header data)");
+	if (index->map_size < header_size + the_hash_algo->rawsz)
+		return error("Corrupted bitmap index (too small)");
 
 	if (memcmp(header->magic, BITMAP_IDX_SIGNATURE, sizeof(BITMAP_IDX_SIGNATURE)) != 0)
 		return error("Corrupted bitmap index file (wrong header)");
@@ -164,7 +165,7 @@  static int load_bitmap_header(struct bitmap_index *index)
 	}
 
 	index->entry_count = ntohl(header->entry_count);
-	index->map_pos += sizeof(*header) - GIT_MAX_RAWSZ + the_hash_algo->rawsz;
+	index->map_pos += header_size;
 	return 0;
 }

[v3,02/24] pack-bitmap: fix header size check

Commit Message

Patch