Date: Mon, 25 Sep 2017 16:31:56 -0400
From: Jeff King To: git@vger.kernel.org Cc: Jonathan Nieder Subject: [PATCH 6/7] worktree: check the result of read_in_full() Message-ID: <20170925203156.boieic627t3dbpzd@sigill.intra.peff.net> References: <20170925202646.agsnpmar3dzocdcr@sigill.intra.peff.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20170925202646.agsnpmar3dzocdcr@sigill.intra.peff.net> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org We try to read "len" bytes into a buffer and just assume that it happened correctly. In practice this should usually be the case, since we just stat'd the file to get the length. But we could be fooled by transient errors or by other processes racily truncating the file. Let's be more careful. There's a slim chance this could catch a real error, but it also prevents people and tools from getting worried while reading the code. Signed-off-by: Jeff King --- builtin/worktree.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/builtin/worktree.c b/builtin/worktree.c index 2f4a4ef9cd..87b3d70b0b 100644 --- a/builtin/worktree.c +++ b/builtin/worktree.c @@ -59,7 +59,11 @@ static int prune_worktree(const char *id, struct strbuf *reason) } len = xsize_t(st.st_size); path = xmallocz(len); - read_in_full(fd, path, len); + if (read_in_full(fd, path, len) != len) { + strbuf_addf(reason, _("Removing worktrees/%s: gitdir read did not match stat (%s)"), + id, strerror(errno)); + return 1; + } close(fd); while (len && (path[len - 1] == '\n' || path[len - 1] == '\r')) len--; -- 2.14.1.1148.ga2561536a1
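Review bot: the early `return 1;` in the new failure branch of prune_worktree() leaks both `fd` and `path`, since `path` was just allocated with `xmallocz(len)` and `close(fd)` only runs on the line after the block. Add `close(fd);` and `free(path);` before the return. In the same branch, a short read (the file being truncated between the stat and the read, which is the case the commit message names) is not an error return and does not set errno, so `strerror(errno)` can print a stale or unrelated message. Consider treating a negative return separately from a short count, and reporting expected versus actual bytes for the short-count case instead of errno.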