sha1_file.con commit t3508 (cherry-pick): futureproof against unmerged files (18c8ff4)
   1/*
   2 * GIT - The information manager from hell
   3 *
   4 * Copyright (C) Linus Torvalds, 2005
   5 *
   6 * This handles basic git sha1 object files - packing, unpacking,
   7 * creation etc.
   8 */
   9#include "cache.h"
  10#include "delta.h"
  11#include "pack.h"
  12#include "blob.h"
  13#include "commit.h"
  14#include "tag.h"
  15#include "tree.h"
  16#include "refs.h"
  17#include "pack-revindex.h"
  18#include "sha1-lookup.h"
  19
  20#ifndef O_NOATIME
  21#if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
  22#define O_NOATIME 01000000
  23#else
  24#define O_NOATIME 0
  25#endif
  26#endif
  27
  28#ifdef NO_C99_FORMAT
  29#define SZ_FMT "lu"
  30static unsigned long sz_fmt(size_t s) { return (unsigned long)s; }
  31#else
  32#define SZ_FMT "zu"
  33static size_t sz_fmt(size_t s) { return s; }
  34#endif
  35
  36const unsigned char null_sha1[20];
  37
  38int safe_create_leading_directories(char *path)
  39{
  40        char *pos = path + offset_1st_component(path);
  41        struct stat st;
  42
  43        while (pos) {
  44                pos = strchr(pos, '/');
  45                if (!pos)
  46                        break;
  47                while (*++pos == '/')
  48                        ;
  49                if (!*pos)
  50                        break;
  51                *--pos = '\0';
  52                if (!stat(path, &st)) {
  53                        /* path exists */
  54                        if (!S_ISDIR(st.st_mode)) {
  55                                *pos = '/';
  56                                return -3;
  57                        }
  58                }
  59                else if (mkdir(path, 0777)) {
  60                        *pos = '/';
  61                        return -1;
  62                }
  63                else if (adjust_shared_perm(path)) {
  64                        *pos = '/';
  65                        return -2;
  66                }
  67                *pos++ = '/';
  68        }
  69        return 0;
  70}
  71
  72int safe_create_leading_directories_const(const char *path)
  73{
  74        /* path points to cache entries, so xstrdup before messing with it */
  75        char *buf = xstrdup(path);
  76        int result = safe_create_leading_directories(buf);
  77        free(buf);
  78        return result;
  79}
  80
  81static void fill_sha1_path(char *pathbuf, const unsigned char *sha1)
  82{
  83        int i;
  84        for (i = 0; i < 20; i++) {
  85                static char hex[] = "0123456789abcdef";
  86                unsigned int val = sha1[i];
  87                char *pos = pathbuf + i*2 + (i > 0);
  88                *pos++ = hex[val >> 4];
  89                *pos = hex[val & 0xf];
  90        }
  91}
  92
  93/*
  94 * NOTE! This returns a statically allocated buffer, so you have to be
  95 * careful about using it. Do an "xstrdup()" if you need to save the
  96 * filename.
  97 *
  98 * Also note that this returns the location for creating.  Reading
  99 * SHA1 file can happen from any alternate directory listed in the
 100 * DB_ENVIRONMENT environment variable if it is not found in
 101 * the primary object database.
 102 */
 103char *sha1_file_name(const unsigned char *sha1)
 104{
 105        static char *name, *base;
 106
 107        if (!base) {
 108                const char *sha1_file_directory = get_object_directory();
 109                int len = strlen(sha1_file_directory);
 110                base = xmalloc(len + 60);
 111                memcpy(base, sha1_file_directory, len);
 112                memset(base+len, 0, 60);
 113                base[len] = '/';
 114                base[len+3] = '/';
 115                name = base + len + 1;
 116        }
 117        fill_sha1_path(name, sha1);
 118        return base;
 119}
 120
 121static char *sha1_get_pack_name(const unsigned char *sha1,
 122                                char **name, char **base, const char *which)
 123{
 124        static const char hex[] = "0123456789abcdef";
 125        char *buf;
 126        int i;
 127
 128        if (!*base) {
 129                const char *sha1_file_directory = get_object_directory();
 130                int len = strlen(sha1_file_directory);
 131                *base = xmalloc(len + 60);
 132                sprintf(*base, "%s/pack/pack-1234567890123456789012345678901234567890.%s",
 133                        sha1_file_directory, which);
 134                *name = *base + len + 11;
 135        }
 136
 137        buf = *name;
 138
 139        for (i = 0; i < 20; i++) {
 140                unsigned int val = *sha1++;
 141                *buf++ = hex[val >> 4];
 142                *buf++ = hex[val & 0xf];
 143        }
 144
 145        return *base;
 146}
 147
 148char *sha1_pack_name(const unsigned char *sha1)
 149{
 150        static char *name, *base;
 151
 152        return sha1_get_pack_name(sha1, &name, &base, "pack");
 153}
 154
 155char *sha1_pack_index_name(const unsigned char *sha1)
 156{
 157        static char *name, *base;
 158
 159        return sha1_get_pack_name(sha1, &name, &base, "idx");
 160}
 161
 162struct alternate_object_database *alt_odb_list;
 163static struct alternate_object_database **alt_odb_tail;
 164
 165static void read_info_alternates(const char * alternates, int depth);
 166
 167/*
 168 * Prepare alternate object database registry.
 169 *
 170 * The variable alt_odb_list points at the list of struct
 171 * alternate_object_database.  The elements on this list come from
 172 * non-empty elements from colon separated ALTERNATE_DB_ENVIRONMENT
 173 * environment variable, and $GIT_OBJECT_DIRECTORY/info/alternates,
 174 * whose contents is similar to that environment variable but can be
 175 * LF separated.  Its base points at a statically allocated buffer that
 176 * contains "/the/directory/corresponding/to/.git/objects/...", while
 177 * its name points just after the slash at the end of ".git/objects/"
 178 * in the example above, and has enough space to hold 40-byte hex
 179 * SHA1, an extra slash for the first level indirection, and the
 180 * terminating NUL.
 181 */
 182static int link_alt_odb_entry(const char * entry, int len, const char * relative_base, int depth)
 183{
 184        const char *objdir = get_object_directory();
 185        struct alternate_object_database *ent;
 186        struct alternate_object_database *alt;
 187        /* 43 = 40-byte + 2 '/' + terminating NUL */
 188        int pfxlen = len;
 189        int entlen = pfxlen + 43;
 190        int base_len = -1;
 191
 192        if (!is_absolute_path(entry) && relative_base) {
 193                /* Relative alt-odb */
 194                if (base_len < 0)
 195                        base_len = strlen(relative_base) + 1;
 196                entlen += base_len;
 197                pfxlen += base_len;
 198        }
 199        ent = xmalloc(sizeof(*ent) + entlen);
 200
 201        if (!is_absolute_path(entry) && relative_base) {
 202                memcpy(ent->base, relative_base, base_len - 1);
 203                ent->base[base_len - 1] = '/';
 204                memcpy(ent->base + base_len, entry, len);
 205        }
 206        else
 207                memcpy(ent->base, entry, pfxlen);
 208
 209        ent->name = ent->base + pfxlen + 1;
 210        ent->base[pfxlen + 3] = '/';
 211        ent->base[pfxlen] = ent->base[entlen-1] = 0;
 212
 213        /* Detect cases where alternate disappeared */
 214        if (!is_directory(ent->base)) {
 215                error("object directory %s does not exist; "
 216                      "check .git/objects/info/alternates.",
 217                      ent->base);
 218                free(ent);
 219                return -1;
 220        }
 221
 222        /* Prevent the common mistake of listing the same
 223         * thing twice, or object directory itself.
 224         */
 225        for (alt = alt_odb_list; alt; alt = alt->next) {
 226                if (!memcmp(ent->base, alt->base, pfxlen)) {
 227                        free(ent);
 228                        return -1;
 229                }
 230        }
 231        if (!memcmp(ent->base, objdir, pfxlen)) {
 232                free(ent);
 233                return -1;
 234        }
 235
 236        /* add the alternate entry */
 237        *alt_odb_tail = ent;
 238        alt_odb_tail = &(ent->next);
 239        ent->next = NULL;
 240
 241        /* recursively add alternates */
 242        read_info_alternates(ent->base, depth + 1);
 243
 244        ent->base[pfxlen] = '/';
 245
 246        return 0;
 247}
 248
 249static void link_alt_odb_entries(const char *alt, const char *ep, int sep,
 250                                 const char *relative_base, int depth)
 251{
 252        const char *cp, *last;
 253
 254        if (depth > 5) {
 255                error("%s: ignoring alternate object stores, nesting too deep.",
 256                                relative_base);
 257                return;
 258        }
 259
 260        last = alt;
 261        while (last < ep) {
 262                cp = last;
 263                if (cp < ep && *cp == '#') {
 264                        while (cp < ep && *cp != sep)
 265                                cp++;
 266                        last = cp + 1;
 267                        continue;
 268                }
 269                while (cp < ep && *cp != sep)
 270                        cp++;
 271                if (last != cp) {
 272                        if (!is_absolute_path(last) && depth) {
 273                                error("%s: ignoring relative alternate object store %s",
 274                                                relative_base, last);
 275                        } else {
 276                                link_alt_odb_entry(last, cp - last,
 277                                                relative_base, depth);
 278                        }
 279                }
 280                while (cp < ep && *cp == sep)
 281                        cp++;
 282                last = cp;
 283        }
 284}
 285
 286static void read_info_alternates(const char * relative_base, int depth)
 287{
 288        char *map;
 289        size_t mapsz;
 290        struct stat st;
 291        const char alt_file_name[] = "info/alternates";
 292        /* Given that relative_base is no longer than PATH_MAX,
 293           ensure that "path" has enough space to append "/", the
 294           file name, "info/alternates", and a trailing NUL.  */
 295        char path[PATH_MAX + 1 + sizeof alt_file_name];
 296        int fd;
 297
 298        sprintf(path, "%s/%s", relative_base, alt_file_name);
 299        fd = open(path, O_RDONLY);
 300        if (fd < 0)
 301                return;
 302        if (fstat(fd, &st) || (st.st_size == 0)) {
 303                close(fd);
 304                return;
 305        }
 306        mapsz = xsize_t(st.st_size);
 307        map = xmmap(NULL, mapsz, PROT_READ, MAP_PRIVATE, fd, 0);
 308        close(fd);
 309
 310        link_alt_odb_entries(map, map + mapsz, '\n', relative_base, depth);
 311
 312        munmap(map, mapsz);
 313}
 314
 315void add_to_alternates_file(const char *reference)
 316{
 317        struct lock_file *lock = xcalloc(1, sizeof(struct lock_file));
 318        int fd = hold_lock_file_for_append(lock, git_path("objects/info/alternates"), LOCK_DIE_ON_ERROR);
 319        char *alt = mkpath("%s/objects\n", reference);
 320        write_or_die(fd, alt, strlen(alt));
 321        if (commit_lock_file(lock))
 322                die("could not close alternates file");
 323        if (alt_odb_tail)
 324                link_alt_odb_entries(alt, alt + strlen(alt), '\n', NULL, 0);
 325}
 326
 327void foreach_alt_odb(alt_odb_fn fn, void *cb)
 328{
 329        struct alternate_object_database *ent;
 330
 331        prepare_alt_odb();
 332        for (ent = alt_odb_list; ent; ent = ent->next)
 333                if (fn(ent, cb))
 334                        return;
 335}
 336
 337void prepare_alt_odb(void)
 338{
 339        const char *alt;
 340
 341        if (alt_odb_tail)
 342                return;
 343
 344        alt = getenv(ALTERNATE_DB_ENVIRONMENT);
 345        if (!alt) alt = "";
 346
 347        alt_odb_tail = &alt_odb_list;
 348        link_alt_odb_entries(alt, alt + strlen(alt), PATH_SEP, NULL, 0);
 349
 350        read_info_alternates(get_object_directory(), 0);
 351}
 352
 353static int has_loose_object_local(const unsigned char *sha1)
 354{
 355        char *name = sha1_file_name(sha1);
 356        return !access(name, F_OK);
 357}
 358
 359int has_loose_object_nonlocal(const unsigned char *sha1)
 360{
 361        struct alternate_object_database *alt;
 362        prepare_alt_odb();
 363        for (alt = alt_odb_list; alt; alt = alt->next) {
 364                fill_sha1_path(alt->name, sha1);
 365                if (!access(alt->base, F_OK))
 366                        return 1;
 367        }
 368        return 0;
 369}
 370
 371static int has_loose_object(const unsigned char *sha1)
 372{
 373        return has_loose_object_local(sha1) ||
 374               has_loose_object_nonlocal(sha1);
 375}
 376
 377static unsigned int pack_used_ctr;
 378static unsigned int pack_mmap_calls;
 379static unsigned int peak_pack_open_windows;
 380static unsigned int pack_open_windows;
 381static size_t peak_pack_mapped;
 382static size_t pack_mapped;
 383struct packed_git *packed_git;
 384
 385void pack_report(void)
 386{
 387        fprintf(stderr,
 388                "pack_report: getpagesize()            = %10" SZ_FMT "\n"
 389                "pack_report: core.packedGitWindowSize = %10" SZ_FMT "\n"
 390                "pack_report: core.packedGitLimit      = %10" SZ_FMT "\n",
 391                sz_fmt(getpagesize()),
 392                sz_fmt(packed_git_window_size),
 393                sz_fmt(packed_git_limit));
 394        fprintf(stderr,
 395                "pack_report: pack_used_ctr            = %10u\n"
 396                "pack_report: pack_mmap_calls          = %10u\n"
 397                "pack_report: pack_open_windows        = %10u / %10u\n"
 398                "pack_report: pack_mapped              = "
 399                        "%10" SZ_FMT " / %10" SZ_FMT "\n",
 400                pack_used_ctr,
 401                pack_mmap_calls,
 402                pack_open_windows, peak_pack_open_windows,
 403                sz_fmt(pack_mapped), sz_fmt(peak_pack_mapped));
 404}
 405
 406static int check_packed_git_idx(const char *path,  struct packed_git *p)
 407{
 408        void *idx_map;
 409        struct pack_idx_header *hdr;
 410        size_t idx_size;
 411        uint32_t version, nr, i, *index;
 412        int fd = open(path, O_RDONLY);
 413        struct stat st;
 414
 415        if (fd < 0)
 416                return -1;
 417        if (fstat(fd, &st)) {
 418                close(fd);
 419                return -1;
 420        }
 421        idx_size = xsize_t(st.st_size);
 422        if (idx_size < 4 * 256 + 20 + 20) {
 423                close(fd);
 424                return error("index file %s is too small", path);
 425        }
 426        idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
 427        close(fd);
 428
 429        hdr = idx_map;
 430        if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) {
 431                version = ntohl(hdr->idx_version);
 432                if (version < 2 || version > 2) {
 433                        munmap(idx_map, idx_size);
 434                        return error("index file %s is version %"PRIu32
 435                                     " and is not supported by this binary"
 436                                     " (try upgrading GIT to a newer version)",
 437                                     path, version);
 438                }
 439        } else
 440                version = 1;
 441
 442        nr = 0;
 443        index = idx_map;
 444        if (version > 1)
 445                index += 2;  /* skip index header */
 446        for (i = 0; i < 256; i++) {
 447                uint32_t n = ntohl(index[i]);
 448                if (n < nr) {
 449                        munmap(idx_map, idx_size);
 450                        return error("non-monotonic index %s", path);
 451                }
 452                nr = n;
 453        }
 454
 455        if (version == 1) {
 456                /*
 457                 * Total size:
 458                 *  - 256 index entries 4 bytes each
 459                 *  - 24-byte entries * nr (20-byte sha1 + 4-byte offset)
 460                 *  - 20-byte SHA1 of the packfile
 461                 *  - 20-byte SHA1 file checksum
 462                 */
 463                if (idx_size != 4*256 + nr * 24 + 20 + 20) {
 464                        munmap(idx_map, idx_size);
 465                        return error("wrong index v1 file size in %s", path);
 466                }
 467        } else if (version == 2) {
 468                /*
 469                 * Minimum size:
 470                 *  - 8 bytes of header
 471                 *  - 256 index entries 4 bytes each
 472                 *  - 20-byte sha1 entry * nr
 473                 *  - 4-byte crc entry * nr
 474                 *  - 4-byte offset entry * nr
 475                 *  - 20-byte SHA1 of the packfile
 476                 *  - 20-byte SHA1 file checksum
 477                 * And after the 4-byte offset table might be a
 478                 * variable sized table containing 8-byte entries
 479                 * for offsets larger than 2^31.
 480                 */
 481                unsigned long min_size = 8 + 4*256 + nr*(20 + 4 + 4) + 20 + 20;
 482                unsigned long max_size = min_size;
 483                if (nr)
 484                        max_size += (nr - 1)*8;
 485                if (idx_size < min_size || idx_size > max_size) {
 486                        munmap(idx_map, idx_size);
 487                        return error("wrong index v2 file size in %s", path);
 488                }
 489                if (idx_size != min_size &&
 490                    /*
 491                     * make sure we can deal with large pack offsets.
 492                     * 31-bit signed offset won't be enough, neither
 493                     * 32-bit unsigned one will be.
 494                     */
 495                    (sizeof(off_t) <= 4)) {
 496                        munmap(idx_map, idx_size);
 497                        return error("pack too large for current definition of off_t in %s", path);
 498                }
 499        }
 500
 501        p->index_version = version;
 502        p->index_data = idx_map;
 503        p->index_size = idx_size;
 504        p->num_objects = nr;
 505        return 0;
 506}
 507
 508int open_pack_index(struct packed_git *p)
 509{
 510        char *idx_name;
 511        int ret;
 512
 513        if (p->index_data)
 514                return 0;
 515
 516        idx_name = xstrdup(p->pack_name);
 517        strcpy(idx_name + strlen(idx_name) - strlen(".pack"), ".idx");
 518        ret = check_packed_git_idx(idx_name, p);
 519        free(idx_name);
 520        return ret;
 521}
 522
 523static void scan_windows(struct packed_git *p,
 524        struct packed_git **lru_p,
 525        struct pack_window **lru_w,
 526        struct pack_window **lru_l)
 527{
 528        struct pack_window *w, *w_l;
 529
 530        for (w_l = NULL, w = p->windows; w; w = w->next) {
 531                if (!w->inuse_cnt) {
 532                        if (!*lru_w || w->last_used < (*lru_w)->last_used) {
 533                                *lru_p = p;
 534                                *lru_w = w;
 535                                *lru_l = w_l;
 536                        }
 537                }
 538                w_l = w;
 539        }
 540}
 541
 542static int unuse_one_window(struct packed_git *current, int keep_fd)
 543{
 544        struct packed_git *p, *lru_p = NULL;
 545        struct pack_window *lru_w = NULL, *lru_l = NULL;
 546
 547        if (current)
 548                scan_windows(current, &lru_p, &lru_w, &lru_l);
 549        for (p = packed_git; p; p = p->next)
 550                scan_windows(p, &lru_p, &lru_w, &lru_l);
 551        if (lru_p) {
 552                munmap(lru_w->base, lru_w->len);
 553                pack_mapped -= lru_w->len;
 554                if (lru_l)
 555                        lru_l->next = lru_w->next;
 556                else {
 557                        lru_p->windows = lru_w->next;
 558                        if (!lru_p->windows && lru_p->pack_fd != keep_fd) {
 559                                close(lru_p->pack_fd);
 560                                lru_p->pack_fd = -1;
 561                        }
 562                }
 563                free(lru_w);
 564                pack_open_windows--;
 565                return 1;
 566        }
 567        return 0;
 568}
 569
 570void release_pack_memory(size_t need, int fd)
 571{
 572        size_t cur = pack_mapped;
 573        while (need >= (cur - pack_mapped) && unuse_one_window(NULL, fd))
 574                ; /* nothing */
 575}
 576
 577void close_pack_windows(struct packed_git *p)
 578{
 579        while (p->windows) {
 580                struct pack_window *w = p->windows;
 581
 582                if (w->inuse_cnt)
 583                        die("pack '%s' still has open windows to it",
 584                            p->pack_name);
 585                munmap(w->base, w->len);
 586                pack_mapped -= w->len;
 587                pack_open_windows--;
 588                p->windows = w->next;
 589                free(w);
 590        }
 591}
 592
 593void unuse_pack(struct pack_window **w_cursor)
 594{
 595        struct pack_window *w = *w_cursor;
 596        if (w) {
 597                w->inuse_cnt--;
 598                *w_cursor = NULL;
 599        }
 600}
 601
 602void close_pack_index(struct packed_git *p)
 603{
 604        if (p->index_data) {
 605                munmap((void *)p->index_data, p->index_size);
 606                p->index_data = NULL;
 607        }
 608}
 609
 610/*
 611 * This is used by git-repack in case a newly created pack happens to
 612 * contain the same set of objects as an existing one.  In that case
 613 * the resulting file might be different even if its name would be the
 614 * same.  It is best to close any reference to the old pack before it is
 615 * replaced on disk.  Of course no index pointers nor windows for given pack
 616 * must subsist at this point.  If ever objects from this pack are requested
 617 * again, the new version of the pack will be reinitialized through
 618 * reprepare_packed_git().
 619 */
 620void free_pack_by_name(const char *pack_name)
 621{
 622        struct packed_git *p, **pp = &packed_git;
 623
 624        while (*pp) {
 625                p = *pp;
 626                if (strcmp(pack_name, p->pack_name) == 0) {
 627                        clear_delta_base_cache();
 628                        close_pack_windows(p);
 629                        if (p->pack_fd != -1)
 630                                close(p->pack_fd);
 631                        close_pack_index(p);
 632                        free(p->bad_object_sha1);
 633                        *pp = p->next;
 634                        free(p);
 635                        return;
 636                }
 637                pp = &p->next;
 638        }
 639}
 640
 641/*
 642 * Do not call this directly as this leaks p->pack_fd on error return;
 643 * call open_packed_git() instead.
 644 */
 645static int open_packed_git_1(struct packed_git *p)
 646{
 647        struct stat st;
 648        struct pack_header hdr;
 649        unsigned char sha1[20];
 650        unsigned char *idx_sha1;
 651        long fd_flag;
 652
 653        if (!p->index_data && open_pack_index(p))
 654                return error("packfile %s index unavailable", p->pack_name);
 655
 656        p->pack_fd = open(p->pack_name, O_RDONLY);
 657        while (p->pack_fd < 0 && errno == EMFILE && unuse_one_window(p, -1))
 658                p->pack_fd = open(p->pack_name, O_RDONLY);
 659        if (p->pack_fd < 0 || fstat(p->pack_fd, &st))
 660                return -1;
 661
 662        /* If we created the struct before we had the pack we lack size. */
 663        if (!p->pack_size) {
 664                if (!S_ISREG(st.st_mode))
 665                        return error("packfile %s not a regular file", p->pack_name);
 666                p->pack_size = st.st_size;
 667        } else if (p->pack_size != st.st_size)
 668                return error("packfile %s size changed", p->pack_name);
 669
 670        /* We leave these file descriptors open with sliding mmap;
 671         * there is no point keeping them open across exec(), though.
 672         */
 673        fd_flag = fcntl(p->pack_fd, F_GETFD, 0);
 674        if (fd_flag < 0)
 675                return error("cannot determine file descriptor flags");
 676        fd_flag |= FD_CLOEXEC;
 677        if (fcntl(p->pack_fd, F_SETFD, fd_flag) == -1)
 678                return error("cannot set FD_CLOEXEC");
 679
 680        /* Verify we recognize this pack file format. */
 681        if (read_in_full(p->pack_fd, &hdr, sizeof(hdr)) != sizeof(hdr))
 682                return error("file %s is far too short to be a packfile", p->pack_name);
 683        if (hdr.hdr_signature != htonl(PACK_SIGNATURE))
 684                return error("file %s is not a GIT packfile", p->pack_name);
 685        if (!pack_version_ok(hdr.hdr_version))
 686                return error("packfile %s is version %"PRIu32" and not"
 687                        " supported (try upgrading GIT to a newer version)",
 688                        p->pack_name, ntohl(hdr.hdr_version));
 689
 690        /* Verify the pack matches its index. */
 691        if (p->num_objects != ntohl(hdr.hdr_entries))
 692                return error("packfile %s claims to have %"PRIu32" objects"
 693                             " while index indicates %"PRIu32" objects",
 694                             p->pack_name, ntohl(hdr.hdr_entries),
 695                             p->num_objects);
 696        if (lseek(p->pack_fd, p->pack_size - sizeof(sha1), SEEK_SET) == -1)
 697                return error("end of packfile %s is unavailable", p->pack_name);
 698        if (read_in_full(p->pack_fd, sha1, sizeof(sha1)) != sizeof(sha1))
 699                return error("packfile %s signature is unavailable", p->pack_name);
 700        idx_sha1 = ((unsigned char *)p->index_data) + p->index_size - 40;
 701        if (hashcmp(sha1, idx_sha1))
 702                return error("packfile %s does not match index", p->pack_name);
 703        return 0;
 704}
 705
 706static int open_packed_git(struct packed_git *p)
 707{
 708        if (!open_packed_git_1(p))
 709                return 0;
 710        if (p->pack_fd != -1) {
 711                close(p->pack_fd);
 712                p->pack_fd = -1;
 713        }
 714        return -1;
 715}
 716
 717static int in_window(struct pack_window *win, off_t offset)
 718{
 719        /* We must promise at least 20 bytes (one hash) after the
 720         * offset is available from this window, otherwise the offset
 721         * is not actually in this window and a different window (which
 722         * has that one hash excess) must be used.  This is to support
 723         * the object header and delta base parsing routines below.
 724         */
 725        off_t win_off = win->offset;
 726        return win_off <= offset
 727                && (offset + 20) <= (win_off + win->len);
 728}
 729
 730unsigned char *use_pack(struct packed_git *p,
 731                struct pack_window **w_cursor,
 732                off_t offset,
 733                unsigned int *left)
 734{
 735        struct pack_window *win = *w_cursor;
 736
 737        if (p->pack_fd == -1 && open_packed_git(p))
 738                die("packfile %s cannot be accessed", p->pack_name);
 739
 740        /* Since packfiles end in a hash of their content and it's
 741         * pointless to ask for an offset into the middle of that
 742         * hash, and the in_window function above wouldn't match
 743         * don't allow an offset too close to the end of the file.
 744         */
 745        if (offset > (p->pack_size - 20))
 746                die("offset beyond end of packfile (truncated pack?)");
 747
 748        if (!win || !in_window(win, offset)) {
 749                if (win)
 750                        win->inuse_cnt--;
 751                for (win = p->windows; win; win = win->next) {
 752                        if (in_window(win, offset))
 753                                break;
 754                }
 755                if (!win) {
 756                        size_t window_align = packed_git_window_size / 2;
 757                        off_t len;
 758                        win = xcalloc(1, sizeof(*win));
 759                        win->offset = (offset / window_align) * window_align;
 760                        len = p->pack_size - win->offset;
 761                        if (len > packed_git_window_size)
 762                                len = packed_git_window_size;
 763                        win->len = (size_t)len;
 764                        pack_mapped += win->len;
 765                        while (packed_git_limit < pack_mapped
 766                                && unuse_one_window(p, p->pack_fd))
 767                                ; /* nothing */
 768                        win->base = xmmap(NULL, win->len,
 769                                PROT_READ, MAP_PRIVATE,
 770                                p->pack_fd, win->offset);
 771                        if (win->base == MAP_FAILED)
 772                                die("packfile %s cannot be mapped: %s",
 773                                        p->pack_name,
 774                                        strerror(errno));
 775                        pack_mmap_calls++;
 776                        pack_open_windows++;
 777                        if (pack_mapped > peak_pack_mapped)
 778                                peak_pack_mapped = pack_mapped;
 779                        if (pack_open_windows > peak_pack_open_windows)
 780                                peak_pack_open_windows = pack_open_windows;
 781                        win->next = p->windows;
 782                        p->windows = win;
 783                }
 784        }
 785        if (win != *w_cursor) {
 786                win->last_used = pack_used_ctr++;
 787                win->inuse_cnt++;
 788                *w_cursor = win;
 789        }
 790        offset -= win->offset;
 791        if (left)
 792                *left = win->len - xsize_t(offset);
 793        return win->base + offset;
 794}
 795
 796static struct packed_git *alloc_packed_git(int extra)
 797{
 798        struct packed_git *p = xmalloc(sizeof(*p) + extra);
 799        memset(p, 0, sizeof(*p));
 800        p->pack_fd = -1;
 801        return p;
 802}
 803
 804struct packed_git *add_packed_git(const char *path, int path_len, int local)
 805{
 806        struct stat st;
 807        struct packed_git *p = alloc_packed_git(path_len + 2);
 808
 809        /*
 810         * Make sure a corresponding .pack file exists and that
 811         * the index looks sane.
 812         */
 813        path_len -= strlen(".idx");
 814        if (path_len < 1) {
 815                free(p);
 816                return NULL;
 817        }
 818        memcpy(p->pack_name, path, path_len);
 819
 820        strcpy(p->pack_name + path_len, ".keep");
 821        if (!access(p->pack_name, F_OK))
 822                p->pack_keep = 1;
 823
 824        strcpy(p->pack_name + path_len, ".pack");
 825        if (stat(p->pack_name, &st) || !S_ISREG(st.st_mode)) {
 826                free(p);
 827                return NULL;
 828        }
 829
 830        /* ok, it looks sane as far as we can check without
 831         * actually mapping the pack file.
 832         */
 833        p->pack_size = st.st_size;
 834        p->pack_local = local;
 835        p->mtime = st.st_mtime;
 836        if (path_len < 40 || get_sha1_hex(path + path_len - 40, p->sha1))
 837                hashclr(p->sha1);
 838        return p;
 839}
 840
 841struct packed_git *parse_pack_index(unsigned char *sha1, const char *idx_path)
 842{
 843        const char *path = sha1_pack_name(sha1);
 844        struct packed_git *p = alloc_packed_git(strlen(path) + 1);
 845
 846        strcpy(p->pack_name, path);
 847        hashcpy(p->sha1, sha1);
 848        if (check_packed_git_idx(idx_path, p)) {
 849                free(p);
 850                return NULL;
 851        }
 852
 853        return p;
 854}
 855
 856void install_packed_git(struct packed_git *pack)
 857{
 858        pack->next = packed_git;
 859        packed_git = pack;
 860}
 861
 862static void prepare_packed_git_one(char *objdir, int local)
 863{
 864        /* Ensure that this buffer is large enough so that we can
 865           append "/pack/" without clobbering the stack even if
 866           strlen(objdir) were PATH_MAX.  */
 867        char path[PATH_MAX + 1 + 4 + 1 + 1];
 868        int len;
 869        DIR *dir;
 870        struct dirent *de;
 871
 872        sprintf(path, "%s/pack", objdir);
 873        len = strlen(path);
 874        dir = opendir(path);
 875        while (!dir && errno == EMFILE && unuse_one_window(packed_git, -1))
 876                dir = opendir(path);
 877        if (!dir) {
 878                if (errno != ENOENT)
 879                        error("unable to open object pack directory: %s: %s",
 880                              path, strerror(errno));
 881                return;
 882        }
 883        path[len++] = '/';
 884        while ((de = readdir(dir)) != NULL) {
 885                int namelen = strlen(de->d_name);
 886                struct packed_git *p;
 887
 888                if (!has_extension(de->d_name, ".idx"))
 889                        continue;
 890
 891                if (len + namelen + 1 > sizeof(path))
 892                        continue;
 893
 894                /* Don't reopen a pack we already have. */
 895                strcpy(path + len, de->d_name);
 896                for (p = packed_git; p; p = p->next) {
 897                        if (!memcmp(path, p->pack_name, len + namelen - 4))
 898                                break;
 899                }
 900                if (p)
 901                        continue;
 902                /* See if it really is a valid .idx file with corresponding
 903                 * .pack file that we can map.
 904                 */
 905                p = add_packed_git(path, len + namelen, local);
 906                if (!p)
 907                        continue;
 908                install_packed_git(p);
 909        }
 910        closedir(dir);
 911}
 912
 913static int sort_pack(const void *a_, const void *b_)
 914{
 915        struct packed_git *a = *((struct packed_git **)a_);
 916        struct packed_git *b = *((struct packed_git **)b_);
 917        int st;
 918
 919        /*
 920         * Local packs tend to contain objects specific to our
 921         * variant of the project than remote ones.  In addition,
 922         * remote ones could be on a network mounted filesystem.
 923         * Favor local ones for these reasons.
 924         */
 925        st = a->pack_local - b->pack_local;
 926        if (st)
 927                return -st;
 928
 929        /*
 930         * Younger packs tend to contain more recent objects,
 931         * and more recent objects tend to get accessed more
 932         * often.
 933         */
 934        if (a->mtime < b->mtime)
 935                return 1;
 936        else if (a->mtime == b->mtime)
 937                return 0;
 938        return -1;
 939}
 940
 941static void rearrange_packed_git(void)
 942{
 943        struct packed_git **ary, *p;
 944        int i, n;
 945
 946        for (n = 0, p = packed_git; p; p = p->next)
 947                n++;
 948        if (n < 2)
 949                return;
 950
 951        /* prepare an array of packed_git for easier sorting */
 952        ary = xcalloc(n, sizeof(struct packed_git *));
 953        for (n = 0, p = packed_git; p; p = p->next)
 954                ary[n++] = p;
 955
 956        qsort(ary, n, sizeof(struct packed_git *), sort_pack);
 957
 958        /* link them back again */
 959        for (i = 0; i < n - 1; i++)
 960                ary[i]->next = ary[i + 1];
 961        ary[n - 1]->next = NULL;
 962        packed_git = ary[0];
 963
 964        free(ary);
 965}
 966
 967static int prepare_packed_git_run_once = 0;
 968void prepare_packed_git(void)
 969{
 970        struct alternate_object_database *alt;
 971
 972        if (prepare_packed_git_run_once)
 973                return;
 974        prepare_packed_git_one(get_object_directory(), 1);
 975        prepare_alt_odb();
 976        for (alt = alt_odb_list; alt; alt = alt->next) {
 977                alt->name[-1] = 0;
 978                prepare_packed_git_one(alt->base, 0);
 979                alt->name[-1] = '/';
 980        }
 981        rearrange_packed_git();
 982        prepare_packed_git_run_once = 1;
 983}
 984
 985void reprepare_packed_git(void)
 986{
 987        discard_revindex();
 988        prepare_packed_git_run_once = 0;
 989        prepare_packed_git();
 990}
 991
 992static void mark_bad_packed_object(struct packed_git *p,
 993                                   const unsigned char *sha1)
 994{
 995        unsigned i;
 996        for (i = 0; i < p->num_bad_objects; i++)
 997                if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
 998                        return;
 999        p->bad_object_sha1 = xrealloc(p->bad_object_sha1, 20 * (p->num_bad_objects + 1));
1000        hashcpy(p->bad_object_sha1 + 20 * p->num_bad_objects, sha1);
1001        p->num_bad_objects++;
1002}
1003
1004static int has_packed_and_bad(const unsigned char *sha1)
1005{
1006        struct packed_git *p;
1007        unsigned i;
1008
1009        for (p = packed_git; p; p = p->next)
1010                for (i = 0; i < p->num_bad_objects; i++)
1011                        if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
1012                                return 1;
1013        return 0;
1014}
1015
1016int check_sha1_signature(const unsigned char *sha1, void *map, unsigned long size, const char *type)
1017{
1018        unsigned char real_sha1[20];
1019        hash_sha1_file(map, size, type, real_sha1);
1020        return hashcmp(sha1, real_sha1) ? -1 : 0;
1021}
1022
1023static int git_open_noatime(const char *name)
1024{
1025        static int sha1_file_open_flag = O_NOATIME;
1026        int fd = open(name, O_RDONLY | sha1_file_open_flag);
1027
1028        /* Might the failure be due to O_NOATIME? */
1029        if (fd < 0 && errno != ENOENT && sha1_file_open_flag) {
1030                fd = open(name, O_RDONLY);
1031                if (fd >= 0)
1032                        sha1_file_open_flag = 0;
1033        }
1034        return fd;
1035}
1036
1037static int open_sha1_file(const unsigned char *sha1)
1038{
1039        int fd;
1040        char *name = sha1_file_name(sha1);
1041        struct alternate_object_database *alt;
1042
1043        fd = git_open_noatime(name);
1044        if (fd >= 0)
1045                return fd;
1046
1047        prepare_alt_odb();
1048        errno = ENOENT;
1049        for (alt = alt_odb_list; alt; alt = alt->next) {
1050                name = alt->name;
1051                fill_sha1_path(name, sha1);
1052                fd = git_open_noatime(alt->base);
1053                if (fd >= 0)
1054                        return fd;
1055        }
1056        return -1;
1057}
1058
1059static void *map_sha1_file(const unsigned char *sha1, unsigned long *size)
1060{
1061        void *map;
1062        int fd;
1063
1064        fd = open_sha1_file(sha1);
1065        map = NULL;
1066        if (fd >= 0) {
1067                struct stat st;
1068
1069                if (!fstat(fd, &st)) {
1070                        *size = xsize_t(st.st_size);
1071                        map = xmmap(NULL, *size, PROT_READ, MAP_PRIVATE, fd, 0);
1072                }
1073                close(fd);
1074        }
1075        return map;
1076}
1077
1078static int legacy_loose_object(unsigned char *map)
1079{
1080        unsigned int word;
1081
1082        /*
1083         * Is it a zlib-compressed buffer? If so, the first byte
1084         * must be 0x78 (15-bit window size, deflated), and the
1085         * first 16-bit word is evenly divisible by 31
1086         */
1087        word = (map[0] << 8) + map[1];
1088        if (map[0] == 0x78 && !(word % 31))
1089                return 1;
1090        else
1091                return 0;
1092}
1093
1094unsigned long unpack_object_header_buffer(const unsigned char *buf,
1095                unsigned long len, enum object_type *type, unsigned long *sizep)
1096{
1097        unsigned shift;
1098        unsigned long size, c;
1099        unsigned long used = 0;
1100
1101        c = buf[used++];
1102        *type = (c >> 4) & 7;
1103        size = c & 15;
1104        shift = 4;
1105        while (c & 0x80) {
1106                if (len <= used || bitsizeof(long) <= shift) {
1107                        error("bad object header");
1108                        return 0;
1109                }
1110                c = buf[used++];
1111                size += (c & 0x7f) << shift;
1112                shift += 7;
1113        }
1114        *sizep = size;
1115        return used;
1116}
1117
1118static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned long mapsize, void *buffer, unsigned long bufsiz)
1119{
1120        unsigned long size, used;
1121        static const char valid_loose_object_type[8] = {
1122                0, /* OBJ_EXT */
1123                1, 1, 1, 1, /* "commit", "tree", "blob", "tag" */
1124                0, /* "delta" and others are invalid in a loose object */
1125        };
1126        enum object_type type;
1127
1128        /* Get the data stream */
1129        memset(stream, 0, sizeof(*stream));
1130        stream->next_in = map;
1131        stream->avail_in = mapsize;
1132        stream->next_out = buffer;
1133        stream->avail_out = bufsiz;
1134
1135        if (legacy_loose_object(map)) {
1136                git_inflate_init(stream);
1137                return git_inflate(stream, 0);
1138        }
1139
1140
1141        /*
1142         * There used to be a second loose object header format which
1143         * was meant to mimic the in-pack format, allowing for direct
1144         * copy of the object data.  This format turned up not to be
1145         * really worth it and we don't write it any longer.  But we
1146         * can still read it.
1147         */
1148        used = unpack_object_header_buffer(map, mapsize, &type, &size);
1149        if (!used || !valid_loose_object_type[type])
1150                return -1;
1151        map += used;
1152        mapsize -= used;
1153
1154        /* Set up the stream for the rest.. */
1155        stream->next_in = map;
1156        stream->avail_in = mapsize;
1157        git_inflate_init(stream);
1158
1159        /* And generate the fake traditional header */
1160        stream->total_out = 1 + snprintf(buffer, bufsiz, "%s %lu",
1161                                         typename(type), size);
1162        return 0;
1163}
1164
1165static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
1166{
1167        int bytes = strlen(buffer) + 1;
1168        unsigned char *buf = xmallocz(size);
1169        unsigned long n;
1170        int status = Z_OK;
1171
1172        n = stream->total_out - bytes;
1173        if (n > size)
1174                n = size;
1175        memcpy(buf, (char *) buffer + bytes, n);
1176        bytes = n;
1177        if (bytes <= size) {
1178                /*
1179                 * The above condition must be (bytes <= size), not
1180                 * (bytes < size).  In other words, even though we
1181                 * expect no more output and set avail_out to zer0,
1182                 * the input zlib stream may have bytes that express
1183                 * "this concludes the stream", and we *do* want to
1184                 * eat that input.
1185                 *
1186                 * Otherwise we would not be able to test that we
1187                 * consumed all the input to reach the expected size;
1188                 * we also want to check that zlib tells us that all
1189                 * went well with status == Z_STREAM_END at the end.
1190                 */
1191                stream->next_out = buf + bytes;
1192                stream->avail_out = size - bytes;
1193                while (status == Z_OK)
1194                        status = git_inflate(stream, Z_FINISH);
1195        }
1196        if (status == Z_STREAM_END && !stream->avail_in) {
1197                git_inflate_end(stream);
1198                return buf;
1199        }
1200
1201        if (status < 0)
1202                error("corrupt loose object '%s'", sha1_to_hex(sha1));
1203        else if (stream->avail_in)
1204                error("garbage at end of loose object '%s'",
1205                      sha1_to_hex(sha1));
1206        free(buf);
1207        return NULL;
1208}
1209
1210/*
1211 * We used to just use "sscanf()", but that's actually way
1212 * too permissive for what we want to check. So do an anal
1213 * object header parse by hand.
1214 */
1215static int parse_sha1_header(const char *hdr, unsigned long *sizep)
1216{
1217        char type[10];
1218        int i;
1219        unsigned long size;
1220
1221        /*
1222         * The type can be at most ten bytes (including the
1223         * terminating '\0' that we add), and is followed by
1224         * a space.
1225         */
1226        i = 0;
1227        for (;;) {
1228                char c = *hdr++;
1229                if (c == ' ')
1230                        break;
1231                type[i++] = c;
1232                if (i >= sizeof(type))
1233                        return -1;
1234        }
1235        type[i] = 0;
1236
1237        /*
1238         * The length must follow immediately, and be in canonical
1239         * decimal format (ie "010" is not valid).
1240         */
1241        size = *hdr++ - '0';
1242        if (size > 9)
1243                return -1;
1244        if (size) {
1245                for (;;) {
1246                        unsigned long c = *hdr - '0';
1247                        if (c > 9)
1248                                break;
1249                        hdr++;
1250                        size = size * 10 + c;
1251                }
1252        }
1253        *sizep = size;
1254
1255        /*
1256         * The length must be followed by a zero byte
1257         */
1258        return *hdr ? -1 : type_from_string(type);
1259}
1260
1261static void *unpack_sha1_file(void *map, unsigned long mapsize, enum object_type *type, unsigned long *size, const unsigned char *sha1)
1262{
1263        int ret;
1264        z_stream stream;
1265        char hdr[8192];
1266
1267        ret = unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr));
1268        if (ret < Z_OK || (*type = parse_sha1_header(hdr, size)) < 0)
1269                return NULL;
1270
1271        return unpack_sha1_rest(&stream, hdr, *size, sha1);
1272}
1273
1274unsigned long get_size_from_delta(struct packed_git *p,
1275                                  struct pack_window **w_curs,
1276                                  off_t curpos)
1277{
1278        const unsigned char *data;
1279        unsigned char delta_head[20], *in;
1280        z_stream stream;
1281        int st;
1282
1283        memset(&stream, 0, sizeof(stream));
1284        stream.next_out = delta_head;
1285        stream.avail_out = sizeof(delta_head);
1286
1287        git_inflate_init(&stream);
1288        do {
1289                in = use_pack(p, w_curs, curpos, &stream.avail_in);
1290                stream.next_in = in;
1291                st = git_inflate(&stream, Z_FINISH);
1292                curpos += stream.next_in - in;
1293        } while ((st == Z_OK || st == Z_BUF_ERROR) &&
1294                 stream.total_out < sizeof(delta_head));
1295        git_inflate_end(&stream);
1296        if ((st != Z_STREAM_END) && stream.total_out != sizeof(delta_head)) {
1297                error("delta data unpack-initial failed");
1298                return 0;
1299        }
1300
1301        /* Examine the initial part of the delta to figure out
1302         * the result size.
1303         */
1304        data = delta_head;
1305
1306        /* ignore base size */
1307        get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1308
1309        /* Read the result size */
1310        return get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1311}
1312
1313static off_t get_delta_base(struct packed_git *p,
1314                                    struct pack_window **w_curs,
1315                                    off_t *curpos,
1316                                    enum object_type type,
1317                                    off_t delta_obj_offset)
1318{
1319        unsigned char *base_info = use_pack(p, w_curs, *curpos, NULL);
1320        off_t base_offset;
1321
1322        /* use_pack() assured us we have [base_info, base_info + 20)
1323         * as a range that we can look at without walking off the
1324         * end of the mapped window.  Its actually the hash size
1325         * that is assured.  An OFS_DELTA longer than the hash size
1326         * is stupid, as then a REF_DELTA would be smaller to store.
1327         */
1328        if (type == OBJ_OFS_DELTA) {
1329                unsigned used = 0;
1330                unsigned char c = base_info[used++];
1331                base_offset = c & 127;
1332                while (c & 128) {
1333                        base_offset += 1;
1334                        if (!base_offset || MSB(base_offset, 7))
1335                                return 0;  /* overflow */
1336                        c = base_info[used++];
1337                        base_offset = (base_offset << 7) + (c & 127);
1338                }
1339                base_offset = delta_obj_offset - base_offset;
1340                if (base_offset <= 0 || base_offset >= delta_obj_offset)
1341                        return 0;  /* out of bound */
1342                *curpos += used;
1343        } else if (type == OBJ_REF_DELTA) {
1344                /* The base entry _must_ be in the same pack */
1345                base_offset = find_pack_entry_one(base_info, p);
1346                *curpos += 20;
1347        } else
1348                die("I am totally screwed");
1349        return base_offset;
1350}
1351
1352/* forward declaration for a mutually recursive function */
1353static int packed_object_info(struct packed_git *p, off_t offset,
1354                              unsigned long *sizep);
1355
1356static int packed_delta_info(struct packed_git *p,
1357                             struct pack_window **w_curs,
1358                             off_t curpos,
1359                             enum object_type type,
1360                             off_t obj_offset,
1361                             unsigned long *sizep)
1362{
1363        off_t base_offset;
1364
1365        base_offset = get_delta_base(p, w_curs, &curpos, type, obj_offset);
1366        if (!base_offset)
1367                return OBJ_BAD;
1368        type = packed_object_info(p, base_offset, NULL);
1369        if (type <= OBJ_NONE) {
1370                struct revindex_entry *revidx;
1371                const unsigned char *base_sha1;
1372                revidx = find_pack_revindex(p, base_offset);
1373                if (!revidx)
1374                        return OBJ_BAD;
1375                base_sha1 = nth_packed_object_sha1(p, revidx->nr);
1376                mark_bad_packed_object(p, base_sha1);
1377                type = sha1_object_info(base_sha1, NULL);
1378                if (type <= OBJ_NONE)
1379                        return OBJ_BAD;
1380        }
1381
1382        /* We choose to only get the type of the base object and
1383         * ignore potentially corrupt pack file that expects the delta
1384         * based on a base with a wrong size.  This saves tons of
1385         * inflate() calls.
1386         */
1387        if (sizep) {
1388                *sizep = get_size_from_delta(p, w_curs, curpos);
1389                if (*sizep == 0)
1390                        type = OBJ_BAD;
1391        }
1392
1393        return type;
1394}
1395
1396static int unpack_object_header(struct packed_git *p,
1397                                struct pack_window **w_curs,
1398                                off_t *curpos,
1399                                unsigned long *sizep)
1400{
1401        unsigned char *base;
1402        unsigned int left;
1403        unsigned long used;
1404        enum object_type type;
1405
1406        /* use_pack() assures us we have [base, base + 20) available
1407         * as a range that we can look at at.  (Its actually the hash
1408         * size that is assured.)  With our object header encoding
1409         * the maximum deflated object size is 2^137, which is just
1410         * insane, so we know won't exceed what we have been given.
1411         */
1412        base = use_pack(p, w_curs, *curpos, &left);
1413        used = unpack_object_header_buffer(base, left, &type, sizep);
1414        if (!used) {
1415                type = OBJ_BAD;
1416        } else
1417                *curpos += used;
1418
1419        return type;
1420}
1421
1422const char *packed_object_info_detail(struct packed_git *p,
1423                                      off_t obj_offset,
1424                                      unsigned long *size,
1425                                      unsigned long *store_size,
1426                                      unsigned int *delta_chain_length,
1427                                      unsigned char *base_sha1)
1428{
1429        struct pack_window *w_curs = NULL;
1430        off_t curpos;
1431        unsigned long dummy;
1432        unsigned char *next_sha1;
1433        enum object_type type;
1434        struct revindex_entry *revidx;
1435
1436        *delta_chain_length = 0;
1437        curpos = obj_offset;
1438        type = unpack_object_header(p, &w_curs, &curpos, size);
1439
1440        revidx = find_pack_revindex(p, obj_offset);
1441        *store_size = revidx[1].offset - obj_offset;
1442
1443        for (;;) {
1444                switch (type) {
1445                default:
1446                        die("pack %s contains unknown object type %d",
1447                            p->pack_name, type);
1448                case OBJ_COMMIT:
1449                case OBJ_TREE:
1450                case OBJ_BLOB:
1451                case OBJ_TAG:
1452                        unuse_pack(&w_curs);
1453                        return typename(type);
1454                case OBJ_OFS_DELTA:
1455                        obj_offset = get_delta_base(p, &w_curs, &curpos, type, obj_offset);
1456                        if (!obj_offset)
1457                                die("pack %s contains bad delta base reference of type %s",
1458                                    p->pack_name, typename(type));
1459                        if (*delta_chain_length == 0) {
1460                                revidx = find_pack_revindex(p, obj_offset);
1461                                hashcpy(base_sha1, nth_packed_object_sha1(p, revidx->nr));
1462                        }
1463                        break;
1464                case OBJ_REF_DELTA:
1465                        next_sha1 = use_pack(p, &w_curs, curpos, NULL);
1466                        if (*delta_chain_length == 0)
1467                                hashcpy(base_sha1, next_sha1);
1468                        obj_offset = find_pack_entry_one(next_sha1, p);
1469                        break;
1470                }
1471                (*delta_chain_length)++;
1472                curpos = obj_offset;
1473                type = unpack_object_header(p, &w_curs, &curpos, &dummy);
1474        }
1475}
1476
1477static int packed_object_info(struct packed_git *p, off_t obj_offset,
1478                              unsigned long *sizep)
1479{
1480        struct pack_window *w_curs = NULL;
1481        unsigned long size;
1482        off_t curpos = obj_offset;
1483        enum object_type type;
1484
1485        type = unpack_object_header(p, &w_curs, &curpos, &size);
1486
1487        switch (type) {
1488        case OBJ_OFS_DELTA:
1489        case OBJ_REF_DELTA:
1490                type = packed_delta_info(p, &w_curs, curpos,
1491                                         type, obj_offset, sizep);
1492                break;
1493        case OBJ_COMMIT:
1494        case OBJ_TREE:
1495        case OBJ_BLOB:
1496        case OBJ_TAG:
1497                if (sizep)
1498                        *sizep = size;
1499                break;
1500        default:
1501                error("unknown object type %i at offset %"PRIuMAX" in %s",
1502                      type, (uintmax_t)obj_offset, p->pack_name);
1503                type = OBJ_BAD;
1504        }
1505        unuse_pack(&w_curs);
1506        return type;
1507}
1508
1509static void *unpack_compressed_entry(struct packed_git *p,
1510                                    struct pack_window **w_curs,
1511                                    off_t curpos,
1512                                    unsigned long size)
1513{
1514        int st;
1515        z_stream stream;
1516        unsigned char *buffer, *in;
1517
1518        buffer = xmallocz(size);
1519        memset(&stream, 0, sizeof(stream));
1520        stream.next_out = buffer;
1521        stream.avail_out = size + 1;
1522
1523        git_inflate_init(&stream);
1524        do {
1525                in = use_pack(p, w_curs, curpos, &stream.avail_in);
1526                stream.next_in = in;
1527                st = git_inflate(&stream, Z_FINISH);
1528                if (!stream.avail_out)
1529                        break; /* the payload is larger than it should be */
1530                curpos += stream.next_in - in;
1531        } while (st == Z_OK || st == Z_BUF_ERROR);
1532        git_inflate_end(&stream);
1533        if ((st != Z_STREAM_END) || stream.total_out != size) {
1534                free(buffer);
1535                return NULL;
1536        }
1537
1538        return buffer;
1539}
1540
1541#define MAX_DELTA_CACHE (256)
1542
1543static size_t delta_base_cached;
1544
1545static struct delta_base_cache_lru_list {
1546        struct delta_base_cache_lru_list *prev;
1547        struct delta_base_cache_lru_list *next;
1548} delta_base_cache_lru = { &delta_base_cache_lru, &delta_base_cache_lru };
1549
1550static struct delta_base_cache_entry {
1551        struct delta_base_cache_lru_list lru;
1552        void *data;
1553        struct packed_git *p;
1554        off_t base_offset;
1555        unsigned long size;
1556        enum object_type type;
1557} delta_base_cache[MAX_DELTA_CACHE];
1558
1559static unsigned long pack_entry_hash(struct packed_git *p, off_t base_offset)
1560{
1561        unsigned long hash;
1562
1563        hash = (unsigned long)p + (unsigned long)base_offset;
1564        hash += (hash >> 8) + (hash >> 16);
1565        return hash % MAX_DELTA_CACHE;
1566}
1567
1568static void *cache_or_unpack_entry(struct packed_git *p, off_t base_offset,
1569        unsigned long *base_size, enum object_type *type, int keep_cache)
1570{
1571        void *ret;
1572        unsigned long hash = pack_entry_hash(p, base_offset);
1573        struct delta_base_cache_entry *ent = delta_base_cache + hash;
1574
1575        ret = ent->data;
1576        if (!ret || ent->p != p || ent->base_offset != base_offset)
1577                return unpack_entry(p, base_offset, type, base_size);
1578
1579        if (!keep_cache) {
1580                ent->data = NULL;
1581                ent->lru.next->prev = ent->lru.prev;
1582                ent->lru.prev->next = ent->lru.next;
1583                delta_base_cached -= ent->size;
1584        } else {
1585                ret = xmemdupz(ent->data, ent->size);
1586        }
1587        *type = ent->type;
1588        *base_size = ent->size;
1589        return ret;
1590}
1591
1592static inline void release_delta_base_cache(struct delta_base_cache_entry *ent)
1593{
1594        if (ent->data) {
1595                free(ent->data);
1596                ent->data = NULL;
1597                ent->lru.next->prev = ent->lru.prev;
1598                ent->lru.prev->next = ent->lru.next;
1599                delta_base_cached -= ent->size;
1600        }
1601}
1602
1603void clear_delta_base_cache(void)
1604{
1605        unsigned long p;
1606        for (p = 0; p < MAX_DELTA_CACHE; p++)
1607                release_delta_base_cache(&delta_base_cache[p]);
1608}
1609
1610static void add_delta_base_cache(struct packed_git *p, off_t base_offset,
1611        void *base, unsigned long base_size, enum object_type type)
1612{
1613        unsigned long hash = pack_entry_hash(p, base_offset);
1614        struct delta_base_cache_entry *ent = delta_base_cache + hash;
1615        struct delta_base_cache_lru_list *lru;
1616
1617        release_delta_base_cache(ent);
1618        delta_base_cached += base_size;
1619
1620        for (lru = delta_base_cache_lru.next;
1621             delta_base_cached > delta_base_cache_limit
1622             && lru != &delta_base_cache_lru;
1623             lru = lru->next) {
1624                struct delta_base_cache_entry *f = (void *)lru;
1625                if (f->type == OBJ_BLOB)
1626                        release_delta_base_cache(f);
1627        }
1628        for (lru = delta_base_cache_lru.next;
1629             delta_base_cached > delta_base_cache_limit
1630             && lru != &delta_base_cache_lru;
1631             lru = lru->next) {
1632                struct delta_base_cache_entry *f = (void *)lru;
1633                release_delta_base_cache(f);
1634        }
1635
1636        ent->p = p;
1637        ent->base_offset = base_offset;
1638        ent->type = type;
1639        ent->data = base;
1640        ent->size = base_size;
1641        ent->lru.next = &delta_base_cache_lru;
1642        ent->lru.prev = delta_base_cache_lru.prev;
1643        delta_base_cache_lru.prev->next = &ent->lru;
1644        delta_base_cache_lru.prev = &ent->lru;
1645}
1646
1647static void *read_object(const unsigned char *sha1, enum object_type *type,
1648                         unsigned long *size);
1649
1650static void *unpack_delta_entry(struct packed_git *p,
1651                                struct pack_window **w_curs,
1652                                off_t curpos,
1653                                unsigned long delta_size,
1654                                off_t obj_offset,
1655                                enum object_type *type,
1656                                unsigned long *sizep)
1657{
1658        void *delta_data, *result, *base;
1659        unsigned long base_size;
1660        off_t base_offset;
1661
1662        base_offset = get_delta_base(p, w_curs, &curpos, *type, obj_offset);
1663        if (!base_offset) {
1664                error("failed to validate delta base reference "
1665                      "at offset %"PRIuMAX" from %s",
1666                      (uintmax_t)curpos, p->pack_name);
1667                return NULL;
1668        }
1669        unuse_pack(w_curs);
1670        base = cache_or_unpack_entry(p, base_offset, &base_size, type, 0);
1671        if (!base) {
1672                /*
1673                 * We're probably in deep shit, but let's try to fetch
1674                 * the required base anyway from another pack or loose.
1675                 * This is costly but should happen only in the presence
1676                 * of a corrupted pack, and is better than failing outright.
1677                 */
1678                struct revindex_entry *revidx;
1679                const unsigned char *base_sha1;
1680                revidx = find_pack_revindex(p, base_offset);
1681                if (!revidx)
1682                        return NULL;
1683                base_sha1 = nth_packed_object_sha1(p, revidx->nr);
1684                error("failed to read delta base object %s"
1685                      " at offset %"PRIuMAX" from %s",
1686                      sha1_to_hex(base_sha1), (uintmax_t)base_offset,
1687                      p->pack_name);
1688                mark_bad_packed_object(p, base_sha1);
1689                base = read_object(base_sha1, type, &base_size);
1690                if (!base)
1691                        return NULL;
1692        }
1693
1694        delta_data = unpack_compressed_entry(p, w_curs, curpos, delta_size);
1695        if (!delta_data) {
1696                error("failed to unpack compressed delta "
1697                      "at offset %"PRIuMAX" from %s",
1698                      (uintmax_t)curpos, p->pack_name);
1699                free(base);
1700                return NULL;
1701        }
1702        result = patch_delta(base, base_size,
1703                             delta_data, delta_size,
1704                             sizep);
1705        if (!result)
1706                die("failed to apply delta");
1707        free(delta_data);
1708        add_delta_base_cache(p, base_offset, base, base_size, *type);
1709        return result;
1710}
1711
1712int do_check_packed_object_crc;
1713
1714void *unpack_entry(struct packed_git *p, off_t obj_offset,
1715                   enum object_type *type, unsigned long *sizep)
1716{
1717        struct pack_window *w_curs = NULL;
1718        off_t curpos = obj_offset;
1719        void *data;
1720
1721        if (do_check_packed_object_crc && p->index_version > 1) {
1722                struct revindex_entry *revidx = find_pack_revindex(p, obj_offset);
1723                unsigned long len = revidx[1].offset - obj_offset;
1724                if (check_pack_crc(p, &w_curs, obj_offset, len, revidx->nr)) {
1725                        const unsigned char *sha1 =
1726                                nth_packed_object_sha1(p, revidx->nr);
1727                        error("bad packed object CRC for %s",
1728                              sha1_to_hex(sha1));
1729                        mark_bad_packed_object(p, sha1);
1730                        unuse_pack(&w_curs);
1731                        return NULL;
1732                }
1733        }
1734
1735        *type = unpack_object_header(p, &w_curs, &curpos, sizep);
1736        switch (*type) {
1737        case OBJ_OFS_DELTA:
1738        case OBJ_REF_DELTA:
1739                data = unpack_delta_entry(p, &w_curs, curpos, *sizep,
1740                                          obj_offset, type, sizep);
1741                break;
1742        case OBJ_COMMIT:
1743        case OBJ_TREE:
1744        case OBJ_BLOB:
1745        case OBJ_TAG:
1746                data = unpack_compressed_entry(p, &w_curs, curpos, *sizep);
1747                break;
1748        default:
1749                data = NULL;
1750                error("unknown object type %i at offset %"PRIuMAX" in %s",
1751                      *type, (uintmax_t)obj_offset, p->pack_name);
1752        }
1753        unuse_pack(&w_curs);
1754        return data;
1755}
1756
1757const unsigned char *nth_packed_object_sha1(struct packed_git *p,
1758                                            uint32_t n)
1759{
1760        const unsigned char *index = p->index_data;
1761        if (!index) {
1762                if (open_pack_index(p))
1763                        return NULL;
1764                index = p->index_data;
1765        }
1766        if (n >= p->num_objects)
1767                return NULL;
1768        index += 4 * 256;
1769        if (p->index_version == 1) {
1770                return index + 24 * n + 4;
1771        } else {
1772                index += 8;
1773                return index + 20 * n;
1774        }
1775}
1776
1777off_t nth_packed_object_offset(const struct packed_git *p, uint32_t n)
1778{
1779        const unsigned char *index = p->index_data;
1780        index += 4 * 256;
1781        if (p->index_version == 1) {
1782                return ntohl(*((uint32_t *)(index + 24 * n)));
1783        } else {
1784                uint32_t off;
1785                index += 8 + p->num_objects * (20 + 4);
1786                off = ntohl(*((uint32_t *)(index + 4 * n)));
1787                if (!(off & 0x80000000))
1788                        return off;
1789                index += p->num_objects * 4 + (off & 0x7fffffff) * 8;
1790                return (((uint64_t)ntohl(*((uint32_t *)(index + 0)))) << 32) |
1791                                   ntohl(*((uint32_t *)(index + 4)));
1792        }
1793}
1794
1795off_t find_pack_entry_one(const unsigned char *sha1,
1796                                  struct packed_git *p)
1797{
1798        const uint32_t *level1_ofs = p->index_data;
1799        const unsigned char *index = p->index_data;
1800        unsigned hi, lo, stride;
1801        static int use_lookup = -1;
1802        static int debug_lookup = -1;
1803
1804        if (debug_lookup < 0)
1805                debug_lookup = !!getenv("GIT_DEBUG_LOOKUP");
1806
1807        if (!index) {
1808                if (open_pack_index(p))
1809                        return 0;
1810                level1_ofs = p->index_data;
1811                index = p->index_data;
1812        }
1813        if (p->index_version > 1) {
1814                level1_ofs += 2;
1815                index += 8;
1816        }
1817        index += 4 * 256;
1818        hi = ntohl(level1_ofs[*sha1]);
1819        lo = ((*sha1 == 0x0) ? 0 : ntohl(level1_ofs[*sha1 - 1]));
1820        if (p->index_version > 1) {
1821                stride = 20;
1822        } else {
1823                stride = 24;
1824                index += 4;
1825        }
1826
1827        if (debug_lookup)
1828                printf("%02x%02x%02x... lo %u hi %u nr %"PRIu32"\n",
1829                       sha1[0], sha1[1], sha1[2], lo, hi, p->num_objects);
1830
1831        if (use_lookup < 0)
1832                use_lookup = !!getenv("GIT_USE_LOOKUP");
1833        if (use_lookup) {
1834                int pos = sha1_entry_pos(index, stride, 0,
1835                                         lo, hi, p->num_objects, sha1);
1836                if (pos < 0)
1837                        return 0;
1838                return nth_packed_object_offset(p, pos);
1839        }
1840
1841        do {
1842                unsigned mi = (lo + hi) / 2;
1843                int cmp = hashcmp(index + mi * stride, sha1);
1844
1845                if (debug_lookup)
1846                        printf("lo %u hi %u rg %u mi %u\n",
1847                               lo, hi, hi - lo, mi);
1848                if (!cmp)
1849                        return nth_packed_object_offset(p, mi);
1850                if (cmp > 0)
1851                        hi = mi;
1852                else
1853                        lo = mi+1;
1854        } while (lo < hi);
1855        return 0;
1856}
1857
1858static int find_pack_entry(const unsigned char *sha1, struct pack_entry *e)
1859{
1860        static struct packed_git *last_found = (void *)1;
1861        struct packed_git *p;
1862        off_t offset;
1863
1864        prepare_packed_git();
1865        if (!packed_git)
1866                return 0;
1867        p = (last_found == (void *)1) ? packed_git : last_found;
1868
1869        do {
1870                if (p->num_bad_objects) {
1871                        unsigned i;
1872                        for (i = 0; i < p->num_bad_objects; i++)
1873                                if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
1874                                        goto next;
1875                }
1876
1877                offset = find_pack_entry_one(sha1, p);
1878                if (offset) {
1879                        /*
1880                         * We are about to tell the caller where they can
1881                         * locate the requested object.  We better make
1882                         * sure the packfile is still here and can be
1883                         * accessed before supplying that answer, as
1884                         * it may have been deleted since the index
1885                         * was loaded!
1886                         */
1887                        if (p->pack_fd == -1 && open_packed_git(p)) {
1888                                error("packfile %s cannot be accessed", p->pack_name);
1889                                goto next;
1890                        }
1891                        e->offset = offset;
1892                        e->p = p;
1893                        hashcpy(e->sha1, sha1);
1894                        last_found = p;
1895                        return 1;
1896                }
1897
1898                next:
1899                if (p == last_found)
1900                        p = packed_git;
1901                else
1902                        p = p->next;
1903                if (p == last_found)
1904                        p = p->next;
1905        } while (p);
1906        return 0;
1907}
1908
1909struct packed_git *find_sha1_pack(const unsigned char *sha1,
1910                                  struct packed_git *packs)
1911{
1912        struct packed_git *p;
1913
1914        for (p = packs; p; p = p->next) {
1915                if (find_pack_entry_one(sha1, p))
1916                        return p;
1917        }
1918        return NULL;
1919
1920}
1921
1922static int sha1_loose_object_info(const unsigned char *sha1, unsigned long *sizep)
1923{
1924        int status;
1925        unsigned long mapsize, size;
1926        void *map;
1927        z_stream stream;
1928        char hdr[32];
1929
1930        map = map_sha1_file(sha1, &mapsize);
1931        if (!map)
1932                return error("unable to find %s", sha1_to_hex(sha1));
1933        if (unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr)) < 0)
1934                status = error("unable to unpack %s header",
1935                               sha1_to_hex(sha1));
1936        else if ((status = parse_sha1_header(hdr, &size)) < 0)
1937                status = error("unable to parse %s header", sha1_to_hex(sha1));
1938        else if (sizep)
1939                *sizep = size;
1940        git_inflate_end(&stream);
1941        munmap(map, mapsize);
1942        return status;
1943}
1944
1945int sha1_object_info(const unsigned char *sha1, unsigned long *sizep)
1946{
1947        struct pack_entry e;
1948        int status;
1949
1950        if (!find_pack_entry(sha1, &e)) {
1951                /* Most likely it's a loose object. */
1952                status = sha1_loose_object_info(sha1, sizep);
1953                if (status >= 0)
1954                        return status;
1955
1956                /* Not a loose object; someone else may have just packed it. */
1957                reprepare_packed_git();
1958                if (!find_pack_entry(sha1, &e))
1959                        return status;
1960        }
1961
1962        status = packed_object_info(e.p, e.offset, sizep);
1963        if (status < 0) {
1964                mark_bad_packed_object(e.p, sha1);
1965                status = sha1_object_info(sha1, sizep);
1966        }
1967
1968        return status;
1969}
1970
1971static void *read_packed_sha1(const unsigned char *sha1,
1972                              enum object_type *type, unsigned long *size)
1973{
1974        struct pack_entry e;
1975        void *data;
1976
1977        if (!find_pack_entry(sha1, &e))
1978                return NULL;
1979        data = cache_or_unpack_entry(e.p, e.offset, size, type, 1);
1980        if (!data) {
1981                /*
1982                 * We're probably in deep shit, but let's try to fetch
1983                 * the required object anyway from another pack or loose.
1984                 * This should happen only in the presence of a corrupted
1985                 * pack, and is better than failing outright.
1986                 */
1987                error("failed to read object %s at offset %"PRIuMAX" from %s",
1988                      sha1_to_hex(sha1), (uintmax_t)e.offset, e.p->pack_name);
1989                mark_bad_packed_object(e.p, sha1);
1990                data = read_object(sha1, type, size);
1991        }
1992        return data;
1993}
1994
1995/*
1996 * This is meant to hold a *small* number of objects that you would
1997 * want read_sha1_file() to be able to return, but yet you do not want
1998 * to write them into the object store (e.g. a browse-only
1999 * application).
2000 */
2001static struct cached_object {
2002        unsigned char sha1[20];
2003        enum object_type type;
2004        void *buf;
2005        unsigned long size;
2006} *cached_objects;
2007static int cached_object_nr, cached_object_alloc;
2008
2009static struct cached_object empty_tree = {
2010        EMPTY_TREE_SHA1_BIN,
2011        OBJ_TREE,
2012        "",
2013        0
2014};
2015
2016static struct cached_object *find_cached_object(const unsigned char *sha1)
2017{
2018        int i;
2019        struct cached_object *co = cached_objects;
2020
2021        for (i = 0; i < cached_object_nr; i++, co++) {
2022                if (!hashcmp(co->sha1, sha1))
2023                        return co;
2024        }
2025        if (!hashcmp(sha1, empty_tree.sha1))
2026                return &empty_tree;
2027        return NULL;
2028}
2029
2030int pretend_sha1_file(void *buf, unsigned long len, enum object_type type,
2031                      unsigned char *sha1)
2032{
2033        struct cached_object *co;
2034
2035        hash_sha1_file(buf, len, typename(type), sha1);
2036        if (has_sha1_file(sha1) || find_cached_object(sha1))
2037                return 0;
2038        if (cached_object_alloc <= cached_object_nr) {
2039                cached_object_alloc = alloc_nr(cached_object_alloc);
2040                cached_objects = xrealloc(cached_objects,
2041                                          sizeof(*cached_objects) *
2042                                          cached_object_alloc);
2043        }
2044        co = &cached_objects[cached_object_nr++];
2045        co->size = len;
2046        co->type = type;
2047        co->buf = xmalloc(len);
2048        memcpy(co->buf, buf, len);
2049        hashcpy(co->sha1, sha1);
2050        return 0;
2051}
2052
2053static void *read_object(const unsigned char *sha1, enum object_type *type,
2054                         unsigned long *size)
2055{
2056        unsigned long mapsize;
2057        void *map, *buf;
2058        struct cached_object *co;
2059
2060        co = find_cached_object(sha1);
2061        if (co) {
2062                *type = co->type;
2063                *size = co->size;
2064                return xmemdupz(co->buf, co->size);
2065        }
2066
2067        buf = read_packed_sha1(sha1, type, size);
2068        if (buf)
2069                return buf;
2070        map = map_sha1_file(sha1, &mapsize);
2071        if (map) {
2072                buf = unpack_sha1_file(map, mapsize, type, size, sha1);
2073                munmap(map, mapsize);
2074                return buf;
2075        }
2076        reprepare_packed_git();
2077        return read_packed_sha1(sha1, type, size);
2078}
2079
2080void *read_sha1_file_repl(const unsigned char *sha1,
2081                          enum object_type *type,
2082                          unsigned long *size,
2083                          const unsigned char **replacement)
2084{
2085        const unsigned char *repl = lookup_replace_object(sha1);
2086        void *data = read_object(repl, type, size);
2087
2088        /* die if we replaced an object with one that does not exist */
2089        if (!data && repl != sha1)
2090                die("replacement %s not found for %s",
2091                    sha1_to_hex(repl), sha1_to_hex(sha1));
2092
2093        /* legacy behavior is to die on corrupted objects */
2094        if (!data && (has_loose_object(repl) || has_packed_and_bad(repl)))
2095                die("object %s is corrupted", sha1_to_hex(repl));
2096
2097        if (replacement)
2098                *replacement = repl;
2099
2100        return data;
2101}
2102
2103void *read_object_with_reference(const unsigned char *sha1,
2104                                 const char *required_type_name,
2105                                 unsigned long *size,
2106                                 unsigned char *actual_sha1_return)
2107{
2108        enum object_type type, required_type;
2109        void *buffer;
2110        unsigned long isize;
2111        unsigned char actual_sha1[20];
2112
2113        required_type = type_from_string(required_type_name);
2114        hashcpy(actual_sha1, sha1);
2115        while (1) {
2116                int ref_length = -1;
2117                const char *ref_type = NULL;
2118
2119                buffer = read_sha1_file(actual_sha1, &type, &isize);
2120                if (!buffer)
2121                        return NULL;
2122                if (type == required_type) {
2123                        *size = isize;
2124                        if (actual_sha1_return)
2125                                hashcpy(actual_sha1_return, actual_sha1);
2126                        return buffer;
2127                }
2128                /* Handle references */
2129                else if (type == OBJ_COMMIT)
2130                        ref_type = "tree ";
2131                else if (type == OBJ_TAG)
2132                        ref_type = "object ";
2133                else {
2134                        free(buffer);
2135                        return NULL;
2136                }
2137                ref_length = strlen(ref_type);
2138
2139                if (ref_length + 40 > isize ||
2140                    memcmp(buffer, ref_type, ref_length) ||
2141                    get_sha1_hex((char *) buffer + ref_length, actual_sha1)) {
2142                        free(buffer);
2143                        return NULL;
2144                }
2145                free(buffer);
2146                /* Now we have the ID of the referred-to object in
2147                 * actual_sha1.  Check again. */
2148        }
2149}
2150
2151static void write_sha1_file_prepare(const void *buf, unsigned long len,
2152                                    const char *type, unsigned char *sha1,
2153                                    char *hdr, int *hdrlen)
2154{
2155        git_SHA_CTX c;
2156
2157        /* Generate the header */
2158        *hdrlen = sprintf(hdr, "%s %lu", type, len)+1;
2159
2160        /* Sha1.. */
2161        git_SHA1_Init(&c);
2162        git_SHA1_Update(&c, hdr, *hdrlen);
2163        git_SHA1_Update(&c, buf, len);
2164        git_SHA1_Final(sha1, &c);
2165}
2166
2167/*
2168 * Move the just written object into its final resting place.
2169 * NEEDSWORK: this should be renamed to finalize_temp_file() as
2170 * "moving" is only a part of what it does, when no patch between
2171 * master to pu changes the call sites of this function.
2172 */
2173int move_temp_to_file(const char *tmpfile, const char *filename)
2174{
2175        int ret = 0;
2176
2177        if (object_creation_mode == OBJECT_CREATION_USES_RENAMES)
2178                goto try_rename;
2179        else if (link(tmpfile, filename))
2180                ret = errno;
2181
2182        /*
2183         * Coda hack - coda doesn't like cross-directory links,
2184         * so we fall back to a rename, which will mean that it
2185         * won't be able to check collisions, but that's not a
2186         * big deal.
2187         *
2188         * The same holds for FAT formatted media.
2189         *
2190         * When this succeeds, we just return.  We have nothing
2191         * left to unlink.
2192         */
2193        if (ret && ret != EEXIST) {
2194        try_rename:
2195                if (!rename(tmpfile, filename))
2196                        goto out;
2197                ret = errno;
2198        }
2199        unlink_or_warn(tmpfile);
2200        if (ret) {
2201                if (ret != EEXIST) {
2202                        return error("unable to write sha1 filename %s: %s\n", filename, strerror(ret));
2203                }
2204                /* FIXME!!! Collision check here ? */
2205        }
2206
2207out:
2208        if (adjust_shared_perm(filename))
2209                return error("unable to set permission to '%s'", filename);
2210        return 0;
2211}
2212
2213static int write_buffer(int fd, const void *buf, size_t len)
2214{
2215        if (write_in_full(fd, buf, len) < 0)
2216                return error("file write error (%s)", strerror(errno));
2217        return 0;
2218}
2219
2220int hash_sha1_file(const void *buf, unsigned long len, const char *type,
2221                   unsigned char *sha1)
2222{
2223        char hdr[32];
2224        int hdrlen;
2225        write_sha1_file_prepare(buf, len, type, sha1, hdr, &hdrlen);
2226        return 0;
2227}
2228
2229/* Finalize a file on disk, and close it. */
2230static void close_sha1_file(int fd)
2231{
2232        if (fsync_object_files)
2233                fsync_or_die(fd, "sha1 file");
2234        if (close(fd) != 0)
2235                die_errno("error when closing sha1 file");
2236}
2237
2238/* Size of directory component, including the ending '/' */
2239static inline int directory_size(const char *filename)
2240{
2241        const char *s = strrchr(filename, '/');
2242        if (!s)
2243                return 0;
2244        return s - filename + 1;
2245}
2246
2247/*
2248 * This creates a temporary file in the same directory as the final
2249 * 'filename'
2250 *
2251 * We want to avoid cross-directory filename renames, because those
2252 * can have problems on various filesystems (FAT, NFS, Coda).
2253 */
2254static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
2255{
2256        int fd, dirlen = directory_size(filename);
2257
2258        if (dirlen + 20 > bufsiz) {
2259                errno = ENAMETOOLONG;
2260                return -1;
2261        }
2262        memcpy(buffer, filename, dirlen);
2263        strcpy(buffer + dirlen, "tmp_obj_XXXXXX");
2264        fd = git_mkstemp_mode(buffer, 0444);
2265        if (fd < 0 && dirlen && errno == ENOENT) {
2266                /* Make sure the directory exists */
2267                memcpy(buffer, filename, dirlen);
2268                buffer[dirlen-1] = 0;
2269                if (mkdir(buffer, 0777) || adjust_shared_perm(buffer))
2270                        return -1;
2271
2272                /* Try again */
2273                strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX");
2274                fd = git_mkstemp_mode(buffer, 0444);
2275        }
2276        return fd;
2277}
2278
2279static int write_loose_object(const unsigned char *sha1, char *hdr, int hdrlen,
2280                              const void *buf, unsigned long len, time_t mtime)
2281{
2282        int fd, ret;
2283        unsigned char compressed[4096];
2284        z_stream stream;
2285        git_SHA_CTX c;
2286        unsigned char parano_sha1[20];
2287        char *filename;
2288        static char tmpfile[PATH_MAX];
2289
2290        filename = sha1_file_name(sha1);
2291        fd = create_tmpfile(tmpfile, sizeof(tmpfile), filename);
2292        while (fd < 0 && errno == EMFILE && unuse_one_window(packed_git, -1))
2293                fd = create_tmpfile(tmpfile, sizeof(tmpfile), filename);
2294        if (fd < 0) {
2295                if (errno == EACCES)
2296                        return error("insufficient permission for adding an object to repository database %s\n", get_object_directory());
2297                else
2298                        return error("unable to create temporary sha1 filename %s: %s\n", tmpfile, strerror(errno));
2299        }
2300
2301        /* Set it up */
2302        memset(&stream, 0, sizeof(stream));
2303        deflateInit(&stream, zlib_compression_level);
2304        stream.next_out = compressed;
2305        stream.avail_out = sizeof(compressed);
2306        git_SHA1_Init(&c);
2307
2308        /* First header.. */
2309        stream.next_in = (unsigned char *)hdr;
2310        stream.avail_in = hdrlen;
2311        while (deflate(&stream, 0) == Z_OK)
2312                /* nothing */;
2313        git_SHA1_Update(&c, hdr, hdrlen);
2314
2315        /* Then the data itself.. */
2316        stream.next_in = (void *)buf;
2317        stream.avail_in = len;
2318        do {
2319                unsigned char *in0 = stream.next_in;
2320                ret = deflate(&stream, Z_FINISH);
2321                git_SHA1_Update(&c, in0, stream.next_in - in0);
2322                if (write_buffer(fd, compressed, stream.next_out - compressed) < 0)
2323                        die("unable to write sha1 file");
2324                stream.next_out = compressed;
2325                stream.avail_out = sizeof(compressed);
2326        } while (ret == Z_OK);
2327
2328        if (ret != Z_STREAM_END)
2329                die("unable to deflate new object %s (%d)", sha1_to_hex(sha1), ret);
2330        ret = deflateEnd(&stream);
2331        if (ret != Z_OK)
2332                die("deflateEnd on object %s failed (%d)", sha1_to_hex(sha1), ret);
2333        git_SHA1_Final(parano_sha1, &c);
2334        if (hashcmp(sha1, parano_sha1) != 0)
2335                die("confused by unstable object source data for %s", sha1_to_hex(sha1));
2336
2337        close_sha1_file(fd);
2338
2339        if (mtime) {
2340                struct utimbuf utb;
2341                utb.actime = mtime;
2342                utb.modtime = mtime;
2343                if (utime(tmpfile, &utb) < 0)
2344                        warning("failed utime() on %s: %s",
2345                                tmpfile, strerror(errno));
2346        }
2347
2348        return move_temp_to_file(tmpfile, filename);
2349}
2350
2351int write_sha1_file(const void *buf, unsigned long len, const char *type, unsigned char *returnsha1)
2352{
2353        unsigned char sha1[20];
2354        char hdr[32];
2355        int hdrlen;
2356
2357        /* Normally if we have it in the pack then we do not bother writing
2358         * it out into .git/objects/??/?{38} file.
2359         */
2360        write_sha1_file_prepare(buf, len, type, sha1, hdr, &hdrlen);
2361        if (returnsha1)
2362                hashcpy(returnsha1, sha1);
2363        if (has_sha1_file(sha1))
2364                return 0;
2365        return write_loose_object(sha1, hdr, hdrlen, buf, len, 0);
2366}
2367
2368int force_object_loose(const unsigned char *sha1, time_t mtime)
2369{
2370        void *buf;
2371        unsigned long len;
2372        enum object_type type;
2373        char hdr[32];
2374        int hdrlen;
2375        int ret;
2376
2377        if (has_loose_object(sha1))
2378                return 0;
2379        buf = read_packed_sha1(sha1, &type, &len);
2380        if (!buf)
2381                return error("cannot read sha1_file for %s", sha1_to_hex(sha1));
2382        hdrlen = sprintf(hdr, "%s %lu", typename(type), len) + 1;
2383        ret = write_loose_object(sha1, hdr, hdrlen, buf, len, mtime);
2384        free(buf);
2385
2386        return ret;
2387}
2388
2389int has_pack_index(const unsigned char *sha1)
2390{
2391        struct stat st;
2392        if (stat(sha1_pack_index_name(sha1), &st))
2393                return 0;
2394        return 1;
2395}
2396
2397int has_sha1_pack(const unsigned char *sha1)
2398{
2399        struct pack_entry e;
2400        return find_pack_entry(sha1, &e);
2401}
2402
2403int has_sha1_file(const unsigned char *sha1)
2404{
2405        struct pack_entry e;
2406
2407        if (find_pack_entry(sha1, &e))
2408                return 1;
2409        return has_loose_object(sha1);
2410}
2411
2412static int index_mem(unsigned char *sha1, void *buf, size_t size,
2413                     int write_object, enum object_type type, const char *path)
2414{
2415        int ret, re_allocated = 0;
2416
2417        if (!type)
2418                type = OBJ_BLOB;
2419
2420        /*
2421         * Convert blobs to git internal format
2422         */
2423        if ((type == OBJ_BLOB) && path) {
2424                struct strbuf nbuf = STRBUF_INIT;
2425                if (convert_to_git(path, buf, size, &nbuf,
2426                                   write_object ? safe_crlf : 0)) {
2427                        buf = strbuf_detach(&nbuf, &size);
2428                        re_allocated = 1;
2429                }
2430        }
2431
2432        if (write_object)
2433                ret = write_sha1_file(buf, size, typename(type), sha1);
2434        else
2435                ret = hash_sha1_file(buf, size, typename(type), sha1);
2436        if (re_allocated)
2437                free(buf);
2438        return ret;
2439}
2440
2441#define SMALL_FILE_SIZE (32*1024)
2442
2443int index_fd(unsigned char *sha1, int fd, struct stat *st, int write_object,
2444             enum object_type type, const char *path)
2445{
2446        int ret;
2447        size_t size = xsize_t(st->st_size);
2448
2449        if (!S_ISREG(st->st_mode)) {
2450                struct strbuf sbuf = STRBUF_INIT;
2451                if (strbuf_read(&sbuf, fd, 4096) >= 0)
2452                        ret = index_mem(sha1, sbuf.buf, sbuf.len, write_object,
2453                                        type, path);
2454                else
2455                        ret = -1;
2456                strbuf_release(&sbuf);
2457        } else if (!size) {
2458                ret = index_mem(sha1, NULL, size, write_object, type, path);
2459        } else if (size <= SMALL_FILE_SIZE) {
2460                char *buf = xmalloc(size);
2461                if (size == read_in_full(fd, buf, size))
2462                        ret = index_mem(sha1, buf, size, write_object, type,
2463                                        path);
2464                else
2465                        ret = error("short read %s", strerror(errno));
2466                free(buf);
2467        } else {
2468                void *buf = xmmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
2469                ret = index_mem(sha1, buf, size, write_object, type, path);
2470                munmap(buf, size);
2471        }
2472        close(fd);
2473        return ret;
2474}
2475
2476int index_path(unsigned char *sha1, const char *path, struct stat *st, int write_object)
2477{
2478        int fd;
2479        struct strbuf sb = STRBUF_INIT;
2480
2481        switch (st->st_mode & S_IFMT) {
2482        case S_IFREG:
2483                fd = open(path, O_RDONLY);
2484                if (fd < 0)
2485                        return error("open(\"%s\"): %s", path,
2486                                     strerror(errno));
2487                if (index_fd(sha1, fd, st, write_object, OBJ_BLOB, path) < 0)
2488                        return error("%s: failed to insert into database",
2489                                     path);
2490                break;
2491        case S_IFLNK:
2492                if (strbuf_readlink(&sb, path, st->st_size)) {
2493                        char *errstr = strerror(errno);
2494                        return error("readlink(\"%s\"): %s", path,
2495                                     errstr);
2496                }
2497                if (!write_object)
2498                        hash_sha1_file(sb.buf, sb.len, blob_type, sha1);
2499                else if (write_sha1_file(sb.buf, sb.len, blob_type, sha1))
2500                        return error("%s: failed to insert into database",
2501                                     path);
2502                strbuf_release(&sb);
2503                break;
2504        case S_IFDIR:
2505                return resolve_gitlink_ref(path, "HEAD", sha1);
2506        default:
2507                return error("%s: unsupported file type", path);
2508        }
2509        return 0;
2510}
2511
2512int read_pack_header(int fd, struct pack_header *header)
2513{
2514        if (read_in_full(fd, header, sizeof(*header)) < sizeof(*header))
2515                /* "eof before pack header was fully read" */
2516                return PH_ERROR_EOF;
2517
2518        if (header->hdr_signature != htonl(PACK_SIGNATURE))
2519                /* "protocol error (pack signature mismatch detected)" */
2520                return PH_ERROR_PACK_SIGNATURE;
2521        if (!pack_version_ok(header->hdr_version))
2522                /* "protocol error (pack version unsupported)" */
2523                return PH_ERROR_PROTOCOL;
2524        return 0;
2525}
2526
2527void assert_sha1_type(const unsigned char *sha1, enum object_type expect)
2528{
2529        enum object_type type = sha1_object_info(sha1, NULL);
2530        if (type < 0)
2531                die("%s is not a valid object", sha1_to_hex(sha1));
2532        if (type != expect)
2533                die("%s is not a valid '%s' object", sha1_to_hex(sha1),
2534                    typename(expect));
2535}