From: John Szakmeister <john@szakmeister.net>
To: Jeff King <peff@peff.net>
Cc: Dennis Kaarsemaker <dennis@kaarsemaker.net>, git@vger.kernel.org
Subject: Re: "git fsck" not detecting garbage at the end of blob object files...
Date: Fri, 13 Jan 2017 04:15:42 -0500 [thread overview]
Message-ID: <CAEBDL5Vf=rvb4fZF87pNYci4sicmzhS_qPJYHHOGcnPTMBhhWg@mail.gmail.com> (raw)
In-Reply-To: <20170108052619.4ucjamsqad4g5add@sigill.intra.peff.net>
On Sun, Jan 8, 2017 at 12:26 AM, Jeff King <peff@peff.net> wrote:
> On Sat, Jan 07, 2017 at 10:47:03PM +0100, Dennis Kaarsemaker wrote:
>> On Sat, 2017-01-07 at 07:50 -0500, John Szakmeister wrote:
>> > I was perusing StackOverflow this morning and ran across this
>> > question: http://stackoverflow.com/questions/41521143/git-fsck-full-only-checking-directories/
>> >
>> > It was a simple question about why "checking objects" was not
>> > appearing, but in it was another issue. The user purposefully
>> > corrupted a blob object file to see if `git fsck` would catch it by
>> > tacking extra data on at the end. `git fsck` happily said everything
>> > was okay, but when I played with things locally I found out that `git
>> > gc` does not like that extra garbage. I'm not sure what the trade-off
>> > needs to be here, but my expectation is that if `git fsck` says
>> > everything is okay, then all operations using that object (file)
>> > should work too.
>> >
>> > Is that unreasonable? What would be the impact of fixing this issue?
>>
>> If you do this with a commit object or tree object, fsck does complain.
>> I think it's sensible to do so for blob objects as well.
>
> The existing extra-garbage check is in unpack_sha1_rest(), which is
> called as part of read_sha1_file(). And that's what we hit for commits
> and trees. However, we check the sha1 of blobs using the streaming
> interface (in case they're large). I think you'd want to put a similar
> check into read_istream_loose(). But note if you are grepping for it, it
> is hidden behind a macro; look for read_method_decl(loose).
That's for the pointer.
> I'm actually not sure if this should be downgrade to a warning. It's
> true that it's a form of corruption, but it doesn't actually prohibit us
> from getting the data we need to complete the operation. Arguably fsck
> should be more picky, but it is just relying on the same parse_object()
> code path that the rest of git uses.
>
> I doubt anybody cares too much either way, though. It's not like this is
> a common thing.
I kind of wonder about that myself too, and I'm not sure what to
think about it. On the one hand, I'd like to know about
*anything* that has changed in an adverse way--it could indicate
a failure somewhere else that needs to be handled. On the other
hand, scaring the user isn't all that advantageous. I guess I'm
in the former camp.
As to whether this is common, yeah, it's probably not. However,
I was surprised by the number of results that turned up when I
search for "garbage at end of loose object".
> I did notice another interesting case when looking at this. Fsck ends up
> in fsck_loose(), which has the sha1 and path of the loose object. It
> passes the sha1 to fsck_sha1(), and ignores the path entirely!
>
> So if you have a duplicate copy of the object in a pack, we'd actually
> find and check the duplicate. This can happen, e.g., if you had a loose
> object and fetched a thin-pack which made a copy of the loose object to
> complete the pack).
>
> Probably fsck_loose() should be more picky about making sure we are
> reading the data from the loose version we found.
Interesting find! Thanks for the information Peff!
-John
next prev parent reply other threads:[~2017-01-13 9:15 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-07 12:50 "git fsck" not detecting garbage at the end of blob object files John Szakmeister
2017-01-07 21:47 ` Dennis Kaarsemaker
2017-01-08 5:26 ` Jeff King
2017-01-13 9:15 ` John Szakmeister [this message]
2017-01-13 17:52 ` [PATCH 0/6] loose-object fsck fixes/tightening Jeff King
2017-01-13 17:54 ` [PATCH 1/6] t1450: refactor loose-object removal Jeff King
2017-01-13 17:54 ` [PATCH 2/6] sha1_file: fix error message for alternate objects Jeff King
2017-01-13 17:55 ` [PATCH 3/6] t1450: test fsck of packed objects Jeff King
2017-01-13 17:58 ` [PATCH 4/6] sha1_file: add read_loose_object() function Jeff King
2017-01-13 17:59 ` [PATCH 5/6] fsck: parse loose object paths directly Jeff King
2018-10-30 20:03 ` Infinite loop regression in git-fsck in v2.12.0 Ævar Arnfjörð Bjarmason
2018-10-30 21:35 ` Jeff King
2018-10-30 22:28 ` Junio C Hamano
2018-10-30 22:56 ` Jeff King
2018-10-30 23:12 ` Jeff King
2018-10-30 23:18 ` [PATCH 1/3] t1450: check large blob in trailing-garbage test Jeff King
2018-10-30 23:23 ` [PATCH 2/3] check_stream_sha1(): handle input underflow Jeff King
2018-10-31 4:23 ` Junio C Hamano
2018-10-31 4:30 ` Jeff King
2018-10-31 4:44 ` Junio C Hamano
2018-10-31 5:03 ` Jeff King
2018-10-31 5:13 ` Jeff King
2018-10-31 5:31 ` Junio C Hamano
2018-10-30 23:23 ` [PATCH 3/3] cat-file: handle streaming failures consistently Jeff King
2018-10-31 12:42 ` [PATCH 0/3] Add a GIT_TEST_FSCK test mode Ævar Arnfjörð Bjarmason
2018-10-31 12:42 ` [PATCH 1/3] tests: add a "env-bool" helper to test-tool Ævar Arnfjörð Bjarmason
2018-10-31 12:42 ` [PATCH 2/3] tests: mark those tests where "git fsck" fails at the end Ævar Arnfjörð Bjarmason
2018-11-01 3:37 ` Junio C Hamano
2018-10-31 12:42 ` [PATCH 3/3] tests: add a special test setup that runs "git fsck" before exiting Ævar Arnfjörð Bjarmason
2018-10-31 13:33 ` [PATCH 3/3] cat-file: handle streaming failures consistently Torsten Bögershausen
2018-10-31 14:23 ` Junio C Hamano
2018-10-31 14:37 ` Jeff King
2018-10-31 17:38 ` Eric Sunshine
2018-10-31 20:29 ` Jeff King
2018-10-30 21:56 ` Infinite loop regression in git-fsck in v2.12.0 Ævar Arnfjörð Bjarmason
2018-10-30 23:08 ` Jeff King
2017-01-13 18:00 ` [PATCH 6/6] fsck: detect trailing garbage in all object types Jeff King
2017-01-19 11:18 ` [PATCH 0/6] loose-object fsck fixes/tightening John Szakmeister
2017-01-13 9:16 ` "git fsck" not detecting garbage at the end of blob object files John Szakmeister
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEBDL5Vf=rvb4fZF87pNYci4sicmzhS_qPJYHHOGcnPTMBhhWg@mail.gmail.com' \
--to=john@szakmeister.net \
--cc=dennis@kaarsemaker.net \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).