mirror of
https://github.com/git/git.git
synced 2025-02-06 10:24:25 +00:00
a8dd3821fe
In 106140a99f (builtin/fast-import: fix segfault with unsafe SHA1
backend, 2024-12-30) and 9218c0bfe1 (bulk-checkin: fix segfault with
unsafe SHA1 backend, 2024-12-30), we observed the effects of failing to
initialize a hashfile_checkpoint with the same hash function
implementation as is used by the hashfile it is used to checkpoint.
While both 106140a99f and 9218c0bfe1 work around the immediate crash,
changing the hash function implementation within the hashfile API to,
for example, the non-unsafe variant would re-introduce the crash. This
is a result of the tight coupling between initializing hashfiles and
hashfile_checkpoints.
Introduce and use a new function which ensures that both parts of a
hashfile and hashfile_checkpoint pair use the same hash function
implementation to avoid such crashes.
A few things worth noting:
- In the change to builtin/fast-import.c::stream_blob(), we can see
that by removing the explicit reference to
'the_hash_algo->unsafe_init_fn()', we are hardened against the
hashfile API changing away from the_hash_algo (or its unsafe
variant) in the future.
- The bulk-checkin code no longer needs to explicitly zero-initialize
the hashfile_checkpoint, since it is now done as a result of calling
'hashfile_checkpoint_init()'.
- Also in the bulk-checkin code, we add an additional call to
prepare_to_stream() outside of the main loop in order to initialize
'state->f' so we know which hash function implementation to use when
calling 'hashfile_checkpoint_init()'.
This is OK, since subsequent 'prepare_to_stream()' calls are noops.
However, we only need to call 'prepare_to_stream()' when we have the
HASH_WRITE_OBJECT bit set in our flags. Without that bit, calling
'prepare_to_stream()' does not assign 'state->f', so we have nothing
to initialize.
- Other uses of the 'checkpoint' in 'deflate_blob_to_pack()' are
appropriately guarded.
Helped-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
99 lines
2.5 KiB
C
99 lines
2.5 KiB
C
#ifndef CSUM_FILE_H
|
|
#define CSUM_FILE_H
|
|
|
|
#include "hash.h"
|
|
#include "write-or-die.h"
|
|
|
|
struct progress;
|
|
|
|
/* A SHA1-protected file */
|
|
struct hashfile {
|
|
int fd;
|
|
int check_fd;
|
|
unsigned int offset;
|
|
git_hash_ctx ctx;
|
|
off_t total;
|
|
struct progress *tp;
|
|
const char *name;
|
|
int do_crc;
|
|
uint32_t crc32;
|
|
size_t buffer_len;
|
|
unsigned char *buffer;
|
|
unsigned char *check_buffer;
|
|
const struct git_hash_algo *algop;
|
|
|
|
/**
|
|
* If non-zero, skip_hash indicates that we should
|
|
* not actually compute the hash for this hashfile and
|
|
* instead only use it as a buffered write.
|
|
*/
|
|
int skip_hash;
|
|
};
|
|
|
|
/* Checkpoint */
|
|
struct hashfile_checkpoint {
|
|
off_t offset;
|
|
git_hash_ctx ctx;
|
|
};
|
|
|
|
void hashfile_checkpoint_init(struct hashfile *, struct hashfile_checkpoint *);
|
|
void hashfile_checkpoint(struct hashfile *, struct hashfile_checkpoint *);
|
|
int hashfile_truncate(struct hashfile *, struct hashfile_checkpoint *);
|
|
|
|
/* finalize_hashfile flags */
|
|
#define CSUM_CLOSE 1
|
|
#define CSUM_FSYNC 2
|
|
#define CSUM_HASH_IN_STREAM 4
|
|
|
|
struct hashfile *hashfd(int fd, const char *name);
|
|
struct hashfile *hashfd_check(const char *name);
|
|
struct hashfile *hashfd_throughput(int fd, const char *name, struct progress *tp);
|
|
|
|
/*
|
|
* Free the hashfile without flushing its contents to disk. This only
|
|
* needs to be called when not calling `finalize_hashfile()`.
|
|
*/
|
|
void free_hashfile(struct hashfile *f);
|
|
|
|
/*
|
|
* Finalize the hashfile by flushing data to disk and free'ing it.
|
|
*/
|
|
int finalize_hashfile(struct hashfile *, unsigned char *, enum fsync_component, unsigned int);
|
|
void discard_hashfile(struct hashfile *);
|
|
void hashwrite(struct hashfile *, const void *, unsigned int);
|
|
void hashflush(struct hashfile *f);
|
|
void crc32_begin(struct hashfile *);
|
|
uint32_t crc32_end(struct hashfile *);
|
|
|
|
/* Verify checksum validity while reading. Returns non-zero on success. */
|
|
int hashfile_checksum_valid(const unsigned char *data, size_t len);
|
|
|
|
/*
|
|
* Returns the total number of bytes fed to the hashfile so far (including ones
|
|
* that have not been written out to the descriptor yet).
|
|
*/
|
|
static inline off_t hashfile_total(struct hashfile *f)
|
|
{
|
|
return f->total + f->offset;
|
|
}
|
|
|
|
static inline void hashwrite_u8(struct hashfile *f, uint8_t data)
|
|
{
|
|
hashwrite(f, &data, sizeof(data));
|
|
}
|
|
|
|
static inline void hashwrite_be32(struct hashfile *f, uint32_t data)
|
|
{
|
|
data = htonl(data);
|
|
hashwrite(f, &data, sizeof(data));
|
|
}
|
|
|
|
static inline size_t hashwrite_be64(struct hashfile *f, uint64_t data)
|
|
{
|
|
data = htonll(data);
|
|
hashwrite(f, &data, sizeof(data));
|
|
return sizeof(data);
|
|
}
|
|
|
|
#endif
|