diff options
| author | Junio C Hamano <gitster@pobox.com> | 2024-03-02 19:03:48 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-03-02 19:12:16 (GMT) |
| commit | 4c9355ff48a33eb60a4f2a51f08939320cf3f2d3 (patch) | |
| tree | d5c6eb4f5a3e36f14120e150520e78033a00ee4c /builtin/repack.c | |
| parent | 36ffba1c7be8d831065adab73a7a215f402ef432 (diff) | |
| download | git-4c9355ff48a33eb60a4f2a51f08939320cf3f2d3.zip git-4c9355ff48a33eb60a4f2a51f08939320cf3f2d3.tar.gz git-4c9355ff48a33eb60a4f2a51f08939320cf3f2d3.tar.bz2 | |
repack: check error writing to pack-objects subprocess
When "git repack" repacks promisor objects, it starts a pack-objects
subprocess and uses xwrite() to send object names over the pipe to
it, but without any error checking. An I/O error or short write
(even though a short write is unlikely for such a small amount of
data) can result in a packfile that lacks certain objects we wanted
to put in there, leading to a silent repository corruption.
Use write_in_full(), instead of xwrite(), to mitigate short write
risks, check errors from it, and abort if we see a failure.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/repack.c')
| -rw-r--r-- | builtin/repack.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/builtin/repack.c b/builtin/repack.c index ede3632..15e4ccc 100644 --- a/builtin/repack.c +++ b/builtin/repack.c @@ -314,8 +314,9 @@ static int write_oid(const struct object_id *oid, die(_("could not start pack-objects to repack promisor objects")); } - xwrite(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz); - xwrite(cmd->in, "\n", 1); + if (write_in_full(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz) < 0 || + write_in_full(cmd->in, "\n", 1) < 0) + die(_("failed to feed promisor objects to pack-objects")); return 0; } |