Re: Infinite loop regression in git-fsck in v2.12.0

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Git Mailing List" <git@vger.kernel.org>,
	"John Szakmeister" <john@szakmeister.net>,
	"Dennis Kaarsemaker" <dennis@kaarsemaker.net>
Subject: Re: Infinite loop regression in git-fsck in v2.12.0
Date: Wed, 31 Oct 2018 07:28:00 +0900	[thread overview]
Message-ID: <xmqq4ld3134f.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <20181030213505.GA11319@sigill.intra.peff.net> (Jeff King's message of "Tue, 30 Oct 2018 17:35:05 -0400")

Jeff King <peff@peff.net> writes:

> The problem isn't actually a sha1 mismatch, though that's what
> parse_object() will report. The issue is actually that the file is
> truncated. So zlib does not say "this is corrupt", but rather "I need
> more bytes to keep going". And unfortunately it returns Z_BUF_ERROR both
> for "I need more bytes" (in which we know we are truncated, because we
> fed the whole mmap'd file in the first place) as well as "I need more
> output buffer space" (which just means we should keep looping!).
>
> So we need to distinguish those cases. I think this is the simplest fix:
>
> diff --git a/sha1-file.c b/sha1-file.c
> index dd0b6aa873..a7ff5fe25d 100644
> --- a/sha1-file.c
> +++ b/sha1-file.c
> @@ -2199,6 +2199,7 @@ static int check_stream_sha1(git_zstream *stream,
>  	 * see the comment in unpack_sha1_rest for details.
>  	 */
>  	while (total_read <= size &&
> +	       stream->avail_in > 0 &&
>  	       (status == Z_OK || status == Z_BUF_ERROR)) {
>  		stream->next_out = buf;
>  		stream->avail_out = sizeof(buf);

Hmph.  If the last round consumed the final input byte and needed
output space of N bytes, but only M (< N) bytes of the output space
was available, then it would have reduced both avail_in and
avail_out down to zero and yielded Z_BUF_ERROR, no?  Or would zlib
refrain from consuming that final byte (leaving avail_in to at least
one) and give us Z_BUF_ERROR in such a case?

> This works just by checking that we are making forward progress in the
> output buffer. I think that would _probably_ be OK for this case, since
> we know we have all of the input available. But in a case where we're
> feeding the input in a stream, it would not be. It's possible there that
> we would not create any output in one round, but would do so after
> feeding more input bytes.

Yes, exactly.

> I think the patch I showed above addresses the root cause more directly.
> I'll wrap that up in a real commit, but I think there may be some
> related work:
>
>   - "git show 19f9c827" does complain with "sha1 mismatch" (which isn't
>     strictly correct, but is probably good enough). However, "git
>     cat-file blob 19f9c827" exits non-zero without printing anything. It
>     probably should complain more loudly.
>
>   - the offending loop comes from f6371f9210. But that commit was mostly
>     cargo-culting other parts of sha1-file.c. I'm worried that this bug
>     exists elsewhere, too. I'll dig around to see if I can find other
>     instances.

Thanks.

next prev parent reply	other threads:[~2018-10-30 22:28 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-07 12:50 "git fsck" not detecting garbage at the end of blob object files John Szakmeister
2017-01-07 21:47 ` Dennis Kaarsemaker
2017-01-08  5:26   ` Jeff King
2017-01-13  9:15     ` John Szakmeister
2017-01-13 17:52       ` [PATCH 0/6] loose-object fsck fixes/tightening Jeff King
2017-01-13 17:54         ` [PATCH 1/6] t1450: refactor loose-object removal Jeff King
2017-01-13 17:54         ` [PATCH 2/6] sha1_file: fix error message for alternate objects Jeff King
2017-01-13 17:55         ` [PATCH 3/6] t1450: test fsck of packed objects Jeff King
2017-01-13 17:58         ` [PATCH 4/6] sha1_file: add read_loose_object() function Jeff King
2017-01-13 17:59         ` [PATCH 5/6] fsck: parse loose object paths directly Jeff King
2018-10-30 20:03           ` Infinite loop regression in git-fsck in v2.12.0 Ævar Arnfjörð Bjarmason
2018-10-30 21:35             ` Jeff King
2018-10-30 22:28               ` Junio C Hamano [this message]
2018-10-30 22:56                 ` Jeff King
2018-10-30 23:12                   ` Jeff King
2018-10-30 23:18                     ` [PATCH 1/3] t1450: check large blob in trailing-garbage test Jeff King
2018-10-30 23:23                     ` [PATCH 2/3] check_stream_sha1(): handle input underflow Jeff King
2018-10-31  4:23                       ` Junio C Hamano
2018-10-31  4:30                         ` Jeff King
2018-10-31  4:44                           ` Junio C Hamano
2018-10-31  5:03                             ` Jeff King
2018-10-31  5:13                               ` Jeff King
2018-10-31  5:31                                 ` Junio C Hamano
2018-10-30 23:23                     ` [PATCH 3/3] cat-file: handle streaming failures consistently Jeff King
2018-10-31 12:42                       ` [PATCH 0/3] Add a GIT_TEST_FSCK test mode Ævar Arnfjörð Bjarmason
2018-10-31 12:42                       ` [PATCH 1/3] tests: add a "env-bool" helper to test-tool Ævar Arnfjörð Bjarmason
2018-10-31 12:42                       ` [PATCH 2/3] tests: mark those tests where "git fsck" fails at the end Ævar Arnfjörð Bjarmason
2018-11-01  3:37                         ` Junio C Hamano
2018-10-31 12:42                       ` [PATCH 3/3] tests: add a special test setup that runs "git fsck" before exiting Ævar Arnfjörð Bjarmason
2018-10-31 13:33                       ` [PATCH 3/3] cat-file: handle streaming failures consistently Torsten Bögershausen
2018-10-31 14:23                         ` Junio C Hamano
2018-10-31 14:37                           ` Jeff King
2018-10-31 17:38                       ` Eric Sunshine
2018-10-31 20:29                         ` Jeff King
2018-10-30 21:56             ` Infinite loop regression in git-fsck in v2.12.0 Ævar Arnfjörð Bjarmason
2018-10-30 23:08               ` Jeff King
2017-01-13 18:00         ` [PATCH 6/6] fsck: detect trailing garbage in all object types Jeff King
2017-01-19 11:18         ` [PATCH 0/6] loose-object fsck fixes/tightening John Szakmeister
2017-01-13  9:16   ` "git fsck" not detecting garbage at the end of blob object files John Szakmeister

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqq4ld3134f.fsf@gitster-ct.c.googlers.com \
    --to=gitster@pobox.com \
    --cc=avarab@gmail.com \
    --cc=dennis@kaarsemaker.net \
    --cc=git@vger.kernel.org \
    --cc=john@szakmeister.net \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).