diff options
authorJeff King <>2016-09-22 03:49:05 (GMT)
committerJunio C Hamano <>2016-09-22 18:18:13 (GMT)
commita9445d859e810cc193c1cdcb15fa684a5e9b7560 (patch)
parent0b65a8dbdb38962e700ee16776a3042beb489060 (diff)
verify_packfile: check pack validity before accessing data
The verify_packfile() does not explicitly open the packfile; instead, it starts with a sha1 checksum over the whole pack, and relies on use_pack() to open the packfile as a side effect. If the pack cannot be opened for whatever reason (either because its header information is corrupted, or perhaps because a simultaneous repack deleted it), then use_pack() will die(), as it has no way to return an error. This is not ideal, as verify_packfile() otherwise tries to gently return an error (this lets programs like git-fsck go on to check other packs). Instead, let's check is_pack_valid() up front, and return an error if it fails. This will open the pack as a side effect, and then use_pack() will later rely on our cached descriptor, and avoid calling die(). Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
1 files changed, 2 insertions, 5 deletions
diff --git a/pack-check.c b/pack-check.c
index 1da89a4..5af987c 100644
--- a/pack-check.c
+++ b/pack-check.c
@@ -57,11 +57,8 @@ static int verify_packfile(struct packed_git *p,
int err = 0;
struct idx_entry *entries;
- /* Note that the pack header checks are actually performed by
- * use_pack when it first opens the pack file. If anything
- * goes wrong during those checks then the call will die out
- * immediately.
- */
+ if (!is_pack_valid(p))
+ return error("packfile %s cannot be accessed", p->pack_name);
do {