path: root/streaming.c
diff options
authorJeff King <>2018-10-31 05:13:16 (GMT)
committerJunio C Hamano <>2018-10-31 05:32:30 (GMT)
commit0afbe3e806f48a701188eefd8d7c474cc119df53 (patch)
tree805aba5d2281a281a946f3e899759b6e932b3563 /streaming.c
parentcae598d9980661a978e2df4fb338518f7bf09572 (diff)
read_istream_pack_non_delta(): document input handling
Twice now we have scratched our heads about why the loose streaming code needs the protection added by 692f0bc7ae (avoid infinite loop in read_istream_loose, 2013-03-25), but the similar code in its pack counterpart does not. The short answer is that use_pack() will die before it lets us run out of bytes. Note that this could mean reading garbage (including the trailing hash) from the packfile in some cases of corruption, but that's OK. zlib will notice and complain (and if not, certainly the end result will not match the object hash we expect). Let's leave a comment this time to document our findings. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'streaming.c')
1 files changed, 9 insertions, 0 deletions
diff --git a/streaming.c b/streaming.c
index d1e6b2d..ac7c7a2 100644
--- a/streaming.c
+++ b/streaming.c
@@ -408,6 +408,15 @@ static read_method_decl(pack_non_delta)
st->z_state = z_done;
+ /*
+ * Unlike the loose object case, we do not have to worry here
+ * about running out of input bytes and spinning infinitely. If
+ * we get Z_BUF_ERROR due to too few input bytes, then we'll
+ * replenish them in the next use_pack() call when we loop. If
+ * we truly hit the end of the pack (i.e., because it's corrupt
+ * or truncated), then use_pack() catches that and will die().
+ */
if (status != Z_OK && status != Z_BUF_ERROR) {
st->z_state = z_error;