fsck.con commit log_ref_setup(): improve robustness against races (1fb0c80)
   1#include "cache.h"
   2#include "object.h"
   3#include "blob.h"
   4#include "tree.h"
   5#include "tree-walk.h"
   6#include "commit.h"
   7#include "tag.h"
   8#include "fsck.h"
   9#include "refs.h"
  10#include "utf8.h"
  11#include "sha1-array.h"
  12#include "decorate.h"
  13
  14#define FSCK_FATAL -1
  15#define FSCK_INFO -2
  16
  17#define FOREACH_MSG_ID(FUNC) \
  18        /* fatal errors */ \
  19        FUNC(NUL_IN_HEADER, FATAL) \
  20        FUNC(UNTERMINATED_HEADER, FATAL) \
  21        /* errors */ \
  22        FUNC(BAD_DATE, ERROR) \
  23        FUNC(BAD_DATE_OVERFLOW, ERROR) \
  24        FUNC(BAD_EMAIL, ERROR) \
  25        FUNC(BAD_NAME, ERROR) \
  26        FUNC(BAD_OBJECT_SHA1, ERROR) \
  27        FUNC(BAD_PARENT_SHA1, ERROR) \
  28        FUNC(BAD_TAG_OBJECT, ERROR) \
  29        FUNC(BAD_TIMEZONE, ERROR) \
  30        FUNC(BAD_TREE, ERROR) \
  31        FUNC(BAD_TREE_SHA1, ERROR) \
  32        FUNC(BAD_TYPE, ERROR) \
  33        FUNC(DUPLICATE_ENTRIES, ERROR) \
  34        FUNC(MISSING_AUTHOR, ERROR) \
  35        FUNC(MISSING_COMMITTER, ERROR) \
  36        FUNC(MISSING_EMAIL, ERROR) \
  37        FUNC(MISSING_GRAFT, ERROR) \
  38        FUNC(MISSING_NAME_BEFORE_EMAIL, ERROR) \
  39        FUNC(MISSING_OBJECT, ERROR) \
  40        FUNC(MISSING_PARENT, ERROR) \
  41        FUNC(MISSING_SPACE_BEFORE_DATE, ERROR) \
  42        FUNC(MISSING_SPACE_BEFORE_EMAIL, ERROR) \
  43        FUNC(MISSING_TAG, ERROR) \
  44        FUNC(MISSING_TAG_ENTRY, ERROR) \
  45        FUNC(MISSING_TAG_OBJECT, ERROR) \
  46        FUNC(MISSING_TREE, ERROR) \
  47        FUNC(MISSING_TYPE, ERROR) \
  48        FUNC(MISSING_TYPE_ENTRY, ERROR) \
  49        FUNC(MULTIPLE_AUTHORS, ERROR) \
  50        FUNC(TAG_OBJECT_NOT_TAG, ERROR) \
  51        FUNC(TREE_NOT_SORTED, ERROR) \
  52        FUNC(UNKNOWN_TYPE, ERROR) \
  53        FUNC(ZERO_PADDED_DATE, ERROR) \
  54        /* warnings */ \
  55        FUNC(BAD_FILEMODE, WARN) \
  56        FUNC(EMPTY_NAME, WARN) \
  57        FUNC(FULL_PATHNAME, WARN) \
  58        FUNC(HAS_DOT, WARN) \
  59        FUNC(HAS_DOTDOT, WARN) \
  60        FUNC(HAS_DOTGIT, WARN) \
  61        FUNC(NULL_SHA1, WARN) \
  62        FUNC(ZERO_PADDED_FILEMODE, WARN) \
  63        FUNC(NUL_IN_COMMIT, WARN) \
  64        /* infos (reported as warnings, but ignored by default) */ \
  65        FUNC(BAD_TAG_NAME, INFO) \
  66        FUNC(MISSING_TAGGER_ENTRY, INFO)
  67
  68#define MSG_ID(id, msg_type) FSCK_MSG_##id,
  69enum fsck_msg_id {
  70        FOREACH_MSG_ID(MSG_ID)
  71        FSCK_MSG_MAX
  72};
  73#undef MSG_ID
  74
  75#define STR(x) #x
  76#define MSG_ID(id, msg_type) { STR(id), NULL, FSCK_##msg_type },
  77static struct {
  78        const char *id_string;
  79        const char *downcased;
  80        int msg_type;
  81} msg_id_info[FSCK_MSG_MAX + 1] = {
  82        FOREACH_MSG_ID(MSG_ID)
  83        { NULL, NULL, -1 }
  84};
  85#undef MSG_ID
  86
  87static int parse_msg_id(const char *text)
  88{
  89        int i;
  90
  91        if (!msg_id_info[0].downcased) {
  92                /* convert id_string to lower case, without underscores. */
  93                for (i = 0; i < FSCK_MSG_MAX; i++) {
  94                        const char *p = msg_id_info[i].id_string;
  95                        int len = strlen(p);
  96                        char *q = xmalloc(len);
  97
  98                        msg_id_info[i].downcased = q;
  99                        while (*p)
 100                                if (*p == '_')
 101                                        p++;
 102                                else
 103                                        *(q)++ = tolower(*(p)++);
 104                        *q = '\0';
 105                }
 106        }
 107
 108        for (i = 0; i < FSCK_MSG_MAX; i++)
 109                if (!strcmp(text, msg_id_info[i].downcased))
 110                        return i;
 111
 112        return -1;
 113}
 114
 115static int fsck_msg_type(enum fsck_msg_id msg_id,
 116        struct fsck_options *options)
 117{
 118        int msg_type;
 119
 120        assert(msg_id >= 0 && msg_id < FSCK_MSG_MAX);
 121
 122        if (options->msg_type)
 123                msg_type = options->msg_type[msg_id];
 124        else {
 125                msg_type = msg_id_info[msg_id].msg_type;
 126                if (options->strict && msg_type == FSCK_WARN)
 127                        msg_type = FSCK_ERROR;
 128        }
 129
 130        return msg_type;
 131}
 132
 133static void init_skiplist(struct fsck_options *options, const char *path)
 134{
 135        static struct sha1_array skiplist = SHA1_ARRAY_INIT;
 136        int sorted, fd;
 137        char buffer[41];
 138        unsigned char sha1[20];
 139
 140        if (options->skiplist)
 141                sorted = options->skiplist->sorted;
 142        else {
 143                sorted = 1;
 144                options->skiplist = &skiplist;
 145        }
 146
 147        fd = open(path, O_RDONLY);
 148        if (fd < 0)
 149                die("Could not open skip list: %s", path);
 150        for (;;) {
 151                int result = read_in_full(fd, buffer, sizeof(buffer));
 152                if (result < 0)
 153                        die_errno("Could not read '%s'", path);
 154                if (!result)
 155                        break;
 156                if (get_sha1_hex(buffer, sha1) || buffer[40] != '\n')
 157                        die("Invalid SHA-1: %s", buffer);
 158                sha1_array_append(&skiplist, sha1);
 159                if (sorted && skiplist.nr > 1 &&
 160                                hashcmp(skiplist.sha1[skiplist.nr - 2],
 161                                        sha1) > 0)
 162                        sorted = 0;
 163        }
 164        close(fd);
 165
 166        if (sorted)
 167                skiplist.sorted = 1;
 168}
 169
 170static int parse_msg_type(const char *str)
 171{
 172        if (!strcmp(str, "error"))
 173                return FSCK_ERROR;
 174        else if (!strcmp(str, "warn"))
 175                return FSCK_WARN;
 176        else if (!strcmp(str, "ignore"))
 177                return FSCK_IGNORE;
 178        else
 179                die("Unknown fsck message type: '%s'", str);
 180}
 181
 182int is_valid_msg_type(const char *msg_id, const char *msg_type)
 183{
 184        if (parse_msg_id(msg_id) < 0)
 185                return 0;
 186        parse_msg_type(msg_type);
 187        return 1;
 188}
 189
 190void fsck_set_msg_type(struct fsck_options *options,
 191                const char *msg_id, const char *msg_type)
 192{
 193        int id = parse_msg_id(msg_id), type;
 194
 195        if (id < 0)
 196                die("Unhandled message id: %s", msg_id);
 197        type = parse_msg_type(msg_type);
 198
 199        if (type != FSCK_ERROR && msg_id_info[id].msg_type == FSCK_FATAL)
 200                die("Cannot demote %s to %s", msg_id, msg_type);
 201
 202        if (!options->msg_type) {
 203                int i;
 204                int *msg_type;
 205                ALLOC_ARRAY(msg_type, FSCK_MSG_MAX);
 206                for (i = 0; i < FSCK_MSG_MAX; i++)
 207                        msg_type[i] = fsck_msg_type(i, options);
 208                options->msg_type = msg_type;
 209        }
 210
 211        options->msg_type[id] = type;
 212}
 213
 214void fsck_set_msg_types(struct fsck_options *options, const char *values)
 215{
 216        char *buf = xstrdup(values), *to_free = buf;
 217        int done = 0;
 218
 219        while (!done) {
 220                int len = strcspn(buf, " ,|"), equal;
 221
 222                done = !buf[len];
 223                if (!len) {
 224                        buf++;
 225                        continue;
 226                }
 227                buf[len] = '\0';
 228
 229                for (equal = 0;
 230                     equal < len && buf[equal] != '=' && buf[equal] != ':';
 231                     equal++)
 232                        buf[equal] = tolower(buf[equal]);
 233                buf[equal] = '\0';
 234
 235                if (!strcmp(buf, "skiplist")) {
 236                        if (equal == len)
 237                                die("skiplist requires a path");
 238                        init_skiplist(options, buf + equal + 1);
 239                        buf += len + 1;
 240                        continue;
 241                }
 242
 243                if (equal == len)
 244                        die("Missing '=': '%s'", buf);
 245
 246                fsck_set_msg_type(options, buf, buf + equal + 1);
 247                buf += len + 1;
 248        }
 249        free(to_free);
 250}
 251
 252static void append_msg_id(struct strbuf *sb, const char *msg_id)
 253{
 254        for (;;) {
 255                char c = *(msg_id)++;
 256
 257                if (!c)
 258                        break;
 259                if (c != '_')
 260                        strbuf_addch(sb, tolower(c));
 261                else {
 262                        assert(*msg_id);
 263                        strbuf_addch(sb, *(msg_id)++);
 264                }
 265        }
 266
 267        strbuf_addstr(sb, ": ");
 268}
 269
 270__attribute__((format (printf, 4, 5)))
 271static int report(struct fsck_options *options, struct object *object,
 272        enum fsck_msg_id id, const char *fmt, ...)
 273{
 274        va_list ap;
 275        struct strbuf sb = STRBUF_INIT;
 276        int msg_type = fsck_msg_type(id, options), result;
 277
 278        if (msg_type == FSCK_IGNORE)
 279                return 0;
 280
 281        if (options->skiplist && object &&
 282                        sha1_array_lookup(options->skiplist, object->oid.hash) >= 0)
 283                return 0;
 284
 285        if (msg_type == FSCK_FATAL)
 286                msg_type = FSCK_ERROR;
 287        else if (msg_type == FSCK_INFO)
 288                msg_type = FSCK_WARN;
 289
 290        append_msg_id(&sb, msg_id_info[id].id_string);
 291
 292        va_start(ap, fmt);
 293        strbuf_vaddf(&sb, fmt, ap);
 294        result = options->error_func(options, object, msg_type, sb.buf);
 295        strbuf_release(&sb);
 296        va_end(ap);
 297
 298        return result;
 299}
 300
 301static char *get_object_name(struct fsck_options *options, struct object *obj)
 302{
 303        if (!options->object_names)
 304                return NULL;
 305        return lookup_decoration(options->object_names, obj);
 306}
 307
 308static void put_object_name(struct fsck_options *options, struct object *obj,
 309        const char *fmt, ...)
 310{
 311        va_list ap;
 312        struct strbuf buf = STRBUF_INIT;
 313        char *existing;
 314
 315        if (!options->object_names)
 316                return;
 317        existing = lookup_decoration(options->object_names, obj);
 318        if (existing)
 319                return;
 320        va_start(ap, fmt);
 321        strbuf_vaddf(&buf, fmt, ap);
 322        add_decoration(options->object_names, obj, strbuf_detach(&buf, NULL));
 323        va_end(ap);
 324}
 325
 326static const char *describe_object(struct fsck_options *o, struct object *obj)
 327{
 328        static struct strbuf buf = STRBUF_INIT;
 329        char *name;
 330
 331        strbuf_reset(&buf);
 332        strbuf_addstr(&buf, oid_to_hex(&obj->oid));
 333        if (o->object_names && (name = lookup_decoration(o->object_names, obj)))
 334                strbuf_addf(&buf, " (%s)", name);
 335
 336        return buf.buf;
 337}
 338
 339static int fsck_walk_tree(struct tree *tree, void *data, struct fsck_options *options)
 340{
 341        struct tree_desc desc;
 342        struct name_entry entry;
 343        int res = 0;
 344        const char *name;
 345
 346        if (parse_tree(tree))
 347                return -1;
 348
 349        name = get_object_name(options, &tree->object);
 350        if (init_tree_desc_gently(&desc, tree->buffer, tree->size))
 351                return -1;
 352        while (tree_entry_gently(&desc, &entry)) {
 353                struct object *obj;
 354                int result;
 355
 356                if (S_ISGITLINK(entry.mode))
 357                        continue;
 358
 359                if (S_ISDIR(entry.mode)) {
 360                        obj = &lookup_tree(entry.oid->hash)->object;
 361                        if (name)
 362                                put_object_name(options, obj, "%s%s/", name,
 363                                        entry.path);
 364                        result = options->walk(obj, OBJ_TREE, data, options);
 365                }
 366                else if (S_ISREG(entry.mode) || S_ISLNK(entry.mode)) {
 367                        obj = &lookup_blob(entry.oid->hash)->object;
 368                        if (name)
 369                                put_object_name(options, obj, "%s%s", name,
 370                                        entry.path);
 371                        result = options->walk(obj, OBJ_BLOB, data, options);
 372                }
 373                else {
 374                        result = error("in tree %s: entry %s has bad mode %.6o",
 375                                        describe_object(options, &tree->object), entry.path, entry.mode);
 376                }
 377                if (result < 0)
 378                        return result;
 379                if (!res)
 380                        res = result;
 381        }
 382        return res;
 383}
 384
 385static int fsck_walk_commit(struct commit *commit, void *data, struct fsck_options *options)
 386{
 387        int counter = 0, generation = 0, name_prefix_len = 0;
 388        struct commit_list *parents;
 389        int res;
 390        int result;
 391        const char *name;
 392
 393        if (parse_commit(commit))
 394                return -1;
 395
 396        name = get_object_name(options, &commit->object);
 397        if (name)
 398                put_object_name(options, &commit->tree->object, "%s:", name);
 399
 400        result = options->walk((struct object *)commit->tree, OBJ_TREE, data, options);
 401        if (result < 0)
 402                return result;
 403        res = result;
 404
 405        parents = commit->parents;
 406        if (name && parents) {
 407                int len = strlen(name), power;
 408
 409                if (len && name[len - 1] == '^') {
 410                        generation = 1;
 411                        name_prefix_len = len - 1;
 412                }
 413                else { /* parse ~<generation> suffix */
 414                        for (generation = 0, power = 1;
 415                             len && isdigit(name[len - 1]);
 416                             power *= 10)
 417                                generation += power * (name[--len] - '0');
 418                        if (power > 1 && len && name[len - 1] == '~')
 419                                name_prefix_len = len - 1;
 420                }
 421        }
 422
 423        while (parents) {
 424                if (name) {
 425                        struct object *obj = &parents->item->object;
 426
 427                        if (++counter > 1)
 428                                put_object_name(options, obj, "%s^%d",
 429                                        name, counter);
 430                        else if (generation > 0)
 431                                put_object_name(options, obj, "%.*s~%d",
 432                                        name_prefix_len, name, generation + 1);
 433                        else
 434                                put_object_name(options, obj, "%s^", name);
 435                }
 436                result = options->walk((struct object *)parents->item, OBJ_COMMIT, data, options);
 437                if (result < 0)
 438                        return result;
 439                if (!res)
 440                        res = result;
 441                parents = parents->next;
 442        }
 443        return res;
 444}
 445
 446static int fsck_walk_tag(struct tag *tag, void *data, struct fsck_options *options)
 447{
 448        char *name = get_object_name(options, &tag->object);
 449
 450        if (parse_tag(tag))
 451                return -1;
 452        if (name)
 453                put_object_name(options, tag->tagged, "%s", name);
 454        return options->walk(tag->tagged, OBJ_ANY, data, options);
 455}
 456
 457int fsck_walk(struct object *obj, void *data, struct fsck_options *options)
 458{
 459        if (!obj)
 460                return -1;
 461        switch (obj->type) {
 462        case OBJ_BLOB:
 463                return 0;
 464        case OBJ_TREE:
 465                return fsck_walk_tree((struct tree *)obj, data, options);
 466        case OBJ_COMMIT:
 467                return fsck_walk_commit((struct commit *)obj, data, options);
 468        case OBJ_TAG:
 469                return fsck_walk_tag((struct tag *)obj, data, options);
 470        default:
 471                error("Unknown object type for %s", describe_object(options, obj));
 472                return -1;
 473        }
 474}
 475
 476/*
 477 * The entries in a tree are ordered in the _path_ order,
 478 * which means that a directory entry is ordered by adding
 479 * a slash to the end of it.
 480 *
 481 * So a directory called "a" is ordered _after_ a file
 482 * called "a.c", because "a/" sorts after "a.c".
 483 */
 484#define TREE_UNORDERED (-1)
 485#define TREE_HAS_DUPS  (-2)
 486
 487static int verify_ordered(unsigned mode1, const char *name1, unsigned mode2, const char *name2)
 488{
 489        int len1 = strlen(name1);
 490        int len2 = strlen(name2);
 491        int len = len1 < len2 ? len1 : len2;
 492        unsigned char c1, c2;
 493        int cmp;
 494
 495        cmp = memcmp(name1, name2, len);
 496        if (cmp < 0)
 497                return 0;
 498        if (cmp > 0)
 499                return TREE_UNORDERED;
 500
 501        /*
 502         * Ok, the first <len> characters are the same.
 503         * Now we need to order the next one, but turn
 504         * a '\0' into a '/' for a directory entry.
 505         */
 506        c1 = name1[len];
 507        c2 = name2[len];
 508        if (!c1 && !c2)
 509                /*
 510                 * git-write-tree used to write out a nonsense tree that has
 511                 * entries with the same name, one blob and one tree.  Make
 512                 * sure we do not have duplicate entries.
 513                 */
 514                return TREE_HAS_DUPS;
 515        if (!c1 && S_ISDIR(mode1))
 516                c1 = '/';
 517        if (!c2 && S_ISDIR(mode2))
 518                c2 = '/';
 519        return c1 < c2 ? 0 : TREE_UNORDERED;
 520}
 521
 522static int fsck_tree(struct tree *item, struct fsck_options *options)
 523{
 524        int retval = 0;
 525        int has_null_sha1 = 0;
 526        int has_full_path = 0;
 527        int has_empty_name = 0;
 528        int has_dot = 0;
 529        int has_dotdot = 0;
 530        int has_dotgit = 0;
 531        int has_zero_pad = 0;
 532        int has_bad_modes = 0;
 533        int has_dup_entries = 0;
 534        int not_properly_sorted = 0;
 535        struct tree_desc desc;
 536        unsigned o_mode;
 537        const char *o_name;
 538
 539        if (init_tree_desc_gently(&desc, item->buffer, item->size)) {
 540                retval += report(options, &item->object, FSCK_MSG_BAD_TREE, "cannot be parsed as a tree");
 541                return retval;
 542        }
 543
 544        o_mode = 0;
 545        o_name = NULL;
 546
 547        while (desc.size) {
 548                unsigned mode;
 549                const char *name;
 550                const struct object_id *oid;
 551
 552                oid = tree_entry_extract(&desc, &name, &mode);
 553
 554                has_null_sha1 |= is_null_oid(oid);
 555                has_full_path |= !!strchr(name, '/');
 556                has_empty_name |= !*name;
 557                has_dot |= !strcmp(name, ".");
 558                has_dotdot |= !strcmp(name, "..");
 559                has_dotgit |= (!strcmp(name, ".git") ||
 560                               is_hfs_dotgit(name) ||
 561                               is_ntfs_dotgit(name));
 562                has_zero_pad |= *(char *)desc.buffer == '0';
 563                if (update_tree_entry_gently(&desc)) {
 564                        retval += report(options, &item->object, FSCK_MSG_BAD_TREE, "cannot be parsed as a tree");
 565                        break;
 566                }
 567
 568                switch (mode) {
 569                /*
 570                 * Standard modes..
 571                 */
 572                case S_IFREG | 0755:
 573                case S_IFREG | 0644:
 574                case S_IFLNK:
 575                case S_IFDIR:
 576                case S_IFGITLINK:
 577                        break;
 578                /*
 579                 * This is nonstandard, but we had a few of these
 580                 * early on when we honored the full set of mode
 581                 * bits..
 582                 */
 583                case S_IFREG | 0664:
 584                        if (!options->strict)
 585                                break;
 586                default:
 587                        has_bad_modes = 1;
 588                }
 589
 590                if (o_name) {
 591                        switch (verify_ordered(o_mode, o_name, mode, name)) {
 592                        case TREE_UNORDERED:
 593                                not_properly_sorted = 1;
 594                                break;
 595                        case TREE_HAS_DUPS:
 596                                has_dup_entries = 1;
 597                                break;
 598                        default:
 599                                break;
 600                        }
 601                }
 602
 603                o_mode = mode;
 604                o_name = name;
 605        }
 606
 607        if (has_null_sha1)
 608                retval += report(options, &item->object, FSCK_MSG_NULL_SHA1, "contains entries pointing to null sha1");
 609        if (has_full_path)
 610                retval += report(options, &item->object, FSCK_MSG_FULL_PATHNAME, "contains full pathnames");
 611        if (has_empty_name)
 612                retval += report(options, &item->object, FSCK_MSG_EMPTY_NAME, "contains empty pathname");
 613        if (has_dot)
 614                retval += report(options, &item->object, FSCK_MSG_HAS_DOT, "contains '.'");
 615        if (has_dotdot)
 616                retval += report(options, &item->object, FSCK_MSG_HAS_DOTDOT, "contains '..'");
 617        if (has_dotgit)
 618                retval += report(options, &item->object, FSCK_MSG_HAS_DOTGIT, "contains '.git'");
 619        if (has_zero_pad)
 620                retval += report(options, &item->object, FSCK_MSG_ZERO_PADDED_FILEMODE, "contains zero-padded file modes");
 621        if (has_bad_modes)
 622                retval += report(options, &item->object, FSCK_MSG_BAD_FILEMODE, "contains bad file modes");
 623        if (has_dup_entries)
 624                retval += report(options, &item->object, FSCK_MSG_DUPLICATE_ENTRIES, "contains duplicate file entries");
 625        if (not_properly_sorted)
 626                retval += report(options, &item->object, FSCK_MSG_TREE_NOT_SORTED, "not properly sorted");
 627        return retval;
 628}
 629
 630static int verify_headers(const void *data, unsigned long size,
 631                          struct object *obj, struct fsck_options *options)
 632{
 633        const char *buffer = (const char *)data;
 634        unsigned long i;
 635
 636        for (i = 0; i < size; i++) {
 637                switch (buffer[i]) {
 638                case '\0':
 639                        return report(options, obj,
 640                                FSCK_MSG_NUL_IN_HEADER,
 641                                "unterminated header: NUL at offset %ld", i);
 642                case '\n':
 643                        if (i + 1 < size && buffer[i + 1] == '\n')
 644                                return 0;
 645                }
 646        }
 647
 648        /*
 649         * We did not find double-LF that separates the header
 650         * and the body.  Not having a body is not a crime but
 651         * we do want to see the terminating LF for the last header
 652         * line.
 653         */
 654        if (size && buffer[size - 1] == '\n')
 655                return 0;
 656
 657        return report(options, obj,
 658                FSCK_MSG_UNTERMINATED_HEADER, "unterminated header");
 659}
 660
 661static int fsck_ident(const char **ident, struct object *obj, struct fsck_options *options)
 662{
 663        const char *p = *ident;
 664        char *end;
 665
 666        *ident = strchrnul(*ident, '\n');
 667        if (**ident == '\n')
 668                (*ident)++;
 669
 670        if (*p == '<')
 671                return report(options, obj, FSCK_MSG_MISSING_NAME_BEFORE_EMAIL, "invalid author/committer line - missing space before email");
 672        p += strcspn(p, "<>\n");
 673        if (*p == '>')
 674                return report(options, obj, FSCK_MSG_BAD_NAME, "invalid author/committer line - bad name");
 675        if (*p != '<')
 676                return report(options, obj, FSCK_MSG_MISSING_EMAIL, "invalid author/committer line - missing email");
 677        if (p[-1] != ' ')
 678                return report(options, obj, FSCK_MSG_MISSING_SPACE_BEFORE_EMAIL, "invalid author/committer line - missing space before email");
 679        p++;
 680        p += strcspn(p, "<>\n");
 681        if (*p != '>')
 682                return report(options, obj, FSCK_MSG_BAD_EMAIL, "invalid author/committer line - bad email");
 683        p++;
 684        if (*p != ' ')
 685                return report(options, obj, FSCK_MSG_MISSING_SPACE_BEFORE_DATE, "invalid author/committer line - missing space before date");
 686        p++;
 687        if (*p == '0' && p[1] != ' ')
 688                return report(options, obj, FSCK_MSG_ZERO_PADDED_DATE, "invalid author/committer line - zero-padded date");
 689        if (date_overflows(strtoul(p, &end, 10)))
 690                return report(options, obj, FSCK_MSG_BAD_DATE_OVERFLOW, "invalid author/committer line - date causes integer overflow");
 691        if ((end == p || *end != ' '))
 692                return report(options, obj, FSCK_MSG_BAD_DATE, "invalid author/committer line - bad date");
 693        p = end + 1;
 694        if ((*p != '+' && *p != '-') ||
 695            !isdigit(p[1]) ||
 696            !isdigit(p[2]) ||
 697            !isdigit(p[3]) ||
 698            !isdigit(p[4]) ||
 699            (p[5] != '\n'))
 700                return report(options, obj, FSCK_MSG_BAD_TIMEZONE, "invalid author/committer line - bad time zone");
 701        p += 6;
 702        return 0;
 703}
 704
 705static int fsck_commit_buffer(struct commit *commit, const char *buffer,
 706        unsigned long size, struct fsck_options *options)
 707{
 708        unsigned char tree_sha1[20], sha1[20];
 709        struct commit_graft *graft;
 710        unsigned parent_count, parent_line_count = 0, author_count;
 711        int err;
 712        const char *buffer_begin = buffer;
 713
 714        if (verify_headers(buffer, size, &commit->object, options))
 715                return -1;
 716
 717        if (!skip_prefix(buffer, "tree ", &buffer))
 718                return report(options, &commit->object, FSCK_MSG_MISSING_TREE, "invalid format - expected 'tree' line");
 719        if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n') {
 720                err = report(options, &commit->object, FSCK_MSG_BAD_TREE_SHA1, "invalid 'tree' line format - bad sha1");
 721                if (err)
 722                        return err;
 723        }
 724        buffer += 41;
 725        while (skip_prefix(buffer, "parent ", &buffer)) {
 726                if (get_sha1_hex(buffer, sha1) || buffer[40] != '\n') {
 727                        err = report(options, &commit->object, FSCK_MSG_BAD_PARENT_SHA1, "invalid 'parent' line format - bad sha1");
 728                        if (err)
 729                                return err;
 730                }
 731                buffer += 41;
 732                parent_line_count++;
 733        }
 734        graft = lookup_commit_graft(commit->object.oid.hash);
 735        parent_count = commit_list_count(commit->parents);
 736        if (graft) {
 737                if (graft->nr_parent == -1 && !parent_count)
 738                        ; /* shallow commit */
 739                else if (graft->nr_parent != parent_count) {
 740                        err = report(options, &commit->object, FSCK_MSG_MISSING_GRAFT, "graft objects missing");
 741                        if (err)
 742                                return err;
 743                }
 744        } else {
 745                if (parent_count != parent_line_count) {
 746                        err = report(options, &commit->object, FSCK_MSG_MISSING_PARENT, "parent objects missing");
 747                        if (err)
 748                                return err;
 749                }
 750        }
 751        author_count = 0;
 752        while (skip_prefix(buffer, "author ", &buffer)) {
 753                author_count++;
 754                err = fsck_ident(&buffer, &commit->object, options);
 755                if (err)
 756                        return err;
 757        }
 758        if (author_count < 1)
 759                err = report(options, &commit->object, FSCK_MSG_MISSING_AUTHOR, "invalid format - expected 'author' line");
 760        else if (author_count > 1)
 761                err = report(options, &commit->object, FSCK_MSG_MULTIPLE_AUTHORS, "invalid format - multiple 'author' lines");
 762        if (err)
 763                return err;
 764        if (!skip_prefix(buffer, "committer ", &buffer))
 765                return report(options, &commit->object, FSCK_MSG_MISSING_COMMITTER, "invalid format - expected 'committer' line");
 766        err = fsck_ident(&buffer, &commit->object, options);
 767        if (err)
 768                return err;
 769        if (!commit->tree) {
 770                err = report(options, &commit->object, FSCK_MSG_BAD_TREE, "could not load commit's tree %s", sha1_to_hex(tree_sha1));
 771                if (err)
 772                        return err;
 773        }
 774        if (memchr(buffer_begin, '\0', size)) {
 775                err = report(options, &commit->object, FSCK_MSG_NUL_IN_COMMIT,
 776                             "NUL byte in the commit object body");
 777                if (err)
 778                        return err;
 779        }
 780        return 0;
 781}
 782
 783static int fsck_commit(struct commit *commit, const char *data,
 784        unsigned long size, struct fsck_options *options)
 785{
 786        const char *buffer = data ?  data : get_commit_buffer(commit, &size);
 787        int ret = fsck_commit_buffer(commit, buffer, size, options);
 788        if (!data)
 789                unuse_commit_buffer(commit, buffer);
 790        return ret;
 791}
 792
 793static int fsck_tag_buffer(struct tag *tag, const char *data,
 794        unsigned long size, struct fsck_options *options)
 795{
 796        unsigned char sha1[20];
 797        int ret = 0;
 798        const char *buffer;
 799        char *to_free = NULL, *eol;
 800        struct strbuf sb = STRBUF_INIT;
 801
 802        if (data)
 803                buffer = data;
 804        else {
 805                enum object_type type;
 806
 807                buffer = to_free =
 808                        read_sha1_file(tag->object.oid.hash, &type, &size);
 809                if (!buffer)
 810                        return report(options, &tag->object,
 811                                FSCK_MSG_MISSING_TAG_OBJECT,
 812                                "cannot read tag object");
 813
 814                if (type != OBJ_TAG) {
 815                        ret = report(options, &tag->object,
 816                                FSCK_MSG_TAG_OBJECT_NOT_TAG,
 817                                "expected tag got %s",
 818                            typename(type));
 819                        goto done;
 820                }
 821        }
 822
 823        ret = verify_headers(buffer, size, &tag->object, options);
 824        if (ret)
 825                goto done;
 826
 827        if (!skip_prefix(buffer, "object ", &buffer)) {
 828                ret = report(options, &tag->object, FSCK_MSG_MISSING_OBJECT, "invalid format - expected 'object' line");
 829                goto done;
 830        }
 831        if (get_sha1_hex(buffer, sha1) || buffer[40] != '\n') {
 832                ret = report(options, &tag->object, FSCK_MSG_BAD_OBJECT_SHA1, "invalid 'object' line format - bad sha1");
 833                if (ret)
 834                        goto done;
 835        }
 836        buffer += 41;
 837
 838        if (!skip_prefix(buffer, "type ", &buffer)) {
 839                ret = report(options, &tag->object, FSCK_MSG_MISSING_TYPE_ENTRY, "invalid format - expected 'type' line");
 840                goto done;
 841        }
 842        eol = strchr(buffer, '\n');
 843        if (!eol) {
 844                ret = report(options, &tag->object, FSCK_MSG_MISSING_TYPE, "invalid format - unexpected end after 'type' line");
 845                goto done;
 846        }
 847        if (type_from_string_gently(buffer, eol - buffer, 1) < 0)
 848                ret = report(options, &tag->object, FSCK_MSG_BAD_TYPE, "invalid 'type' value");
 849        if (ret)
 850                goto done;
 851        buffer = eol + 1;
 852
 853        if (!skip_prefix(buffer, "tag ", &buffer)) {
 854                ret = report(options, &tag->object, FSCK_MSG_MISSING_TAG_ENTRY, "invalid format - expected 'tag' line");
 855                goto done;
 856        }
 857        eol = strchr(buffer, '\n');
 858        if (!eol) {
 859                ret = report(options, &tag->object, FSCK_MSG_MISSING_TAG, "invalid format - unexpected end after 'type' line");
 860                goto done;
 861        }
 862        strbuf_addf(&sb, "refs/tags/%.*s", (int)(eol - buffer), buffer);
 863        if (check_refname_format(sb.buf, 0)) {
 864                ret = report(options, &tag->object, FSCK_MSG_BAD_TAG_NAME,
 865                           "invalid 'tag' name: %.*s",
 866                           (int)(eol - buffer), buffer);
 867                if (ret)
 868                        goto done;
 869        }
 870        buffer = eol + 1;
 871
 872        if (!skip_prefix(buffer, "tagger ", &buffer)) {
 873                /* early tags do not contain 'tagger' lines; warn only */
 874                ret = report(options, &tag->object, FSCK_MSG_MISSING_TAGGER_ENTRY, "invalid format - expected 'tagger' line");
 875                if (ret)
 876                        goto done;
 877        }
 878        else
 879                ret = fsck_ident(&buffer, &tag->object, options);
 880
 881done:
 882        strbuf_release(&sb);
 883        free(to_free);
 884        return ret;
 885}
 886
 887static int fsck_tag(struct tag *tag, const char *data,
 888        unsigned long size, struct fsck_options *options)
 889{
 890        struct object *tagged = tag->tagged;
 891
 892        if (!tagged)
 893                return report(options, &tag->object, FSCK_MSG_BAD_TAG_OBJECT, "could not load tagged object");
 894
 895        return fsck_tag_buffer(tag, data, size, options);
 896}
 897
 898int fsck_object(struct object *obj, void *data, unsigned long size,
 899        struct fsck_options *options)
 900{
 901        if (!obj)
 902                return report(options, obj, FSCK_MSG_BAD_OBJECT_SHA1, "no valid object to fsck");
 903
 904        if (obj->type == OBJ_BLOB)
 905                return 0;
 906        if (obj->type == OBJ_TREE)
 907                return fsck_tree((struct tree *) obj, options);
 908        if (obj->type == OBJ_COMMIT)
 909                return fsck_commit((struct commit *) obj, (const char *) data,
 910                        size, options);
 911        if (obj->type == OBJ_TAG)
 912                return fsck_tag((struct tag *) obj, (const char *) data,
 913                        size, options);
 914
 915        return report(options, obj, FSCK_MSG_UNKNOWN_TYPE, "unknown type '%d' (internal fsck error)",
 916                          obj->type);
 917}
 918
 919int fsck_error_function(struct fsck_options *o,
 920        struct object *obj, int msg_type, const char *message)
 921{
 922        if (msg_type == FSCK_WARN) {
 923                warning("object %s: %s", describe_object(o, obj), message);
 924                return 0;
 925        }
 926        error("object %s: %s", describe_object(o, obj), message);
 927        return 1;
 928}