diff options
| author | Jeff King <peff@peff.net> | 2017-10-05 05:59:52 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-10-06 04:04:41 (GMT) |
| commit | b3ea7dd32d6f8dc117b782ec5ca54ef8f65280c9 (patch) | |
| tree | 7a13a3855824e55dbf37d8b1158bc8152d87202a /sha1_file.c | |
| parent | 4010f1d1b782eb7585e0e0abcefa794bd5ff29a0 (diff) | |
| download | git-b3ea7dd32d6f8dc117b782ec5ca54ef8f65280c9.zip git-b3ea7dd32d6f8dc117b782ec5ca54ef8f65280c9.tar.gz git-b3ea7dd32d6f8dc117b782ec5ca54ef8f65280c9.tar.bz2 | |
sha1_loose_object_info: handle errors from unpack_sha1_rest
When a caller of sha1_object_info_extended() sets the
"contentp" field in object_info, we call unpack_sha1_rest()
but do not check whether it signaled an error.
This causes two problems:
1. We pass back NULL to the caller via the contentp field,
but the function returns "0" for success. A caller
might reasonably expect after a successful return that
it can access contentp without a NULL check and
segfault.
As it happens, this is impossible to trigger in the
current code. There is exactly one caller which uses
contentp, read_object(). And the only thing it does
after a successful call is to return the content
pointer to its caller, using NULL as a sentinel for
errors. So in effect it converts the success code from
sha1_object_info_extended() back into an error!
But this is still worth addressing avoid problems for
future users of "contentp".
2. Callers of unpack_sha1_rest() are expected to close the
zlib stream themselves on error. Which means that we're
leaking the stream.
The problem in (1) comes from from c84a1f3ed4 (sha1_file:
refactor read_object, 2017-06-21), which added the contentp
field. Before that, we called unpack_sha1_rest() via
unpack_sha1_file(), which directly used the NULL to signal
an error.
But note that the leak in (2) is actually older than that.
The original unpack_sha1_file() directly returned the result
of unpack_sha1_rest() to its caller, when it should have
been closing the zlib stream itself on error.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_file.c')
| -rw-r--r-- | sha1_file.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sha1_file.c b/sha1_file.c index 4fa4b18..8548d29 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -2963,10 +2963,14 @@ static int sha1_loose_object_info(const unsigned char *sha1, } else if ((status = parse_sha1_header_extended(hdr, oi, flags)) < 0) status = error("unable to parse %s header", sha1_to_hex(sha1)); - if (status >= 0 && oi->contentp) + if (status >= 0 && oi->contentp) { *oi->contentp = unpack_sha1_rest(&stream, hdr, *oi->sizep, sha1); - else + if (!*oi->contentp) { + git_inflate_end(&stream); + status = -1; + } + } else git_inflate_end(&stream); munmap(map, mapsize); |