fsck.con commit commit.c: make find_commit_subject() more robust (4e1b06d)
   1#include "cache.h"
   2#include "object.h"
   3#include "blob.h"
   4#include "tree.h"
   5#include "tree-walk.h"
   6#include "commit.h"
   7#include "tag.h"
   8#include "fsck.h"
   9#include "refs.h"
  10#include "utf8.h"
  11
  12static int fsck_walk_tree(struct tree *tree, fsck_walk_func walk, void *data)
  13{
  14        struct tree_desc desc;
  15        struct name_entry entry;
  16        int res = 0;
  17
  18        if (parse_tree(tree))
  19                return -1;
  20
  21        init_tree_desc(&desc, tree->buffer, tree->size);
  22        while (tree_entry(&desc, &entry)) {
  23                int result;
  24
  25                if (S_ISGITLINK(entry.mode))
  26                        continue;
  27                if (S_ISDIR(entry.mode))
  28                        result = walk(&lookup_tree(entry.sha1)->object, OBJ_TREE, data);
  29                else if (S_ISREG(entry.mode) || S_ISLNK(entry.mode))
  30                        result = walk(&lookup_blob(entry.sha1)->object, OBJ_BLOB, data);
  31                else {
  32                        result = error("in tree %s: entry %s has bad mode %.6o",
  33                                        sha1_to_hex(tree->object.sha1), entry.path, entry.mode);
  34                }
  35                if (result < 0)
  36                        return result;
  37                if (!res)
  38                        res = result;
  39        }
  40        return res;
  41}
  42
  43static int fsck_walk_commit(struct commit *commit, fsck_walk_func walk, void *data)
  44{
  45        struct commit_list *parents;
  46        int res;
  47        int result;
  48
  49        if (parse_commit(commit))
  50                return -1;
  51
  52        result = walk((struct object *)commit->tree, OBJ_TREE, data);
  53        if (result < 0)
  54                return result;
  55        res = result;
  56
  57        parents = commit->parents;
  58        while (parents) {
  59                result = walk((struct object *)parents->item, OBJ_COMMIT, data);
  60                if (result < 0)
  61                        return result;
  62                if (!res)
  63                        res = result;
  64                parents = parents->next;
  65        }
  66        return res;
  67}
  68
  69static int fsck_walk_tag(struct tag *tag, fsck_walk_func walk, void *data)
  70{
  71        if (parse_tag(tag))
  72                return -1;
  73        return walk(tag->tagged, OBJ_ANY, data);
  74}
  75
  76int fsck_walk(struct object *obj, fsck_walk_func walk, void *data)
  77{
  78        if (!obj)
  79                return -1;
  80        switch (obj->type) {
  81        case OBJ_BLOB:
  82                return 0;
  83        case OBJ_TREE:
  84                return fsck_walk_tree((struct tree *)obj, walk, data);
  85        case OBJ_COMMIT:
  86                return fsck_walk_commit((struct commit *)obj, walk, data);
  87        case OBJ_TAG:
  88                return fsck_walk_tag((struct tag *)obj, walk, data);
  89        default:
  90                error("Unknown object type for %s", sha1_to_hex(obj->sha1));
  91                return -1;
  92        }
  93}
  94
  95/*
  96 * The entries in a tree are ordered in the _path_ order,
  97 * which means that a directory entry is ordered by adding
  98 * a slash to the end of it.
  99 *
 100 * So a directory called "a" is ordered _after_ a file
 101 * called "a.c", because "a/" sorts after "a.c".
 102 */
 103#define TREE_UNORDERED (-1)
 104#define TREE_HAS_DUPS  (-2)
 105
 106static int verify_ordered(unsigned mode1, const char *name1, unsigned mode2, const char *name2)
 107{
 108        int len1 = strlen(name1);
 109        int len2 = strlen(name2);
 110        int len = len1 < len2 ? len1 : len2;
 111        unsigned char c1, c2;
 112        int cmp;
 113
 114        cmp = memcmp(name1, name2, len);
 115        if (cmp < 0)
 116                return 0;
 117        if (cmp > 0)
 118                return TREE_UNORDERED;
 119
 120        /*
 121         * Ok, the first <len> characters are the same.
 122         * Now we need to order the next one, but turn
 123         * a '\0' into a '/' for a directory entry.
 124         */
 125        c1 = name1[len];
 126        c2 = name2[len];
 127        if (!c1 && !c2)
 128                /*
 129                 * git-write-tree used to write out a nonsense tree that has
 130                 * entries with the same name, one blob and one tree.  Make
 131                 * sure we do not have duplicate entries.
 132                 */
 133                return TREE_HAS_DUPS;
 134        if (!c1 && S_ISDIR(mode1))
 135                c1 = '/';
 136        if (!c2 && S_ISDIR(mode2))
 137                c2 = '/';
 138        return c1 < c2 ? 0 : TREE_UNORDERED;
 139}
 140
 141static int fsck_tree(struct tree *item, int strict, fsck_error error_func)
 142{
 143        int retval;
 144        int has_null_sha1 = 0;
 145        int has_full_path = 0;
 146        int has_empty_name = 0;
 147        int has_dot = 0;
 148        int has_dotdot = 0;
 149        int has_dotgit = 0;
 150        int has_zero_pad = 0;
 151        int has_bad_modes = 0;
 152        int has_dup_entries = 0;
 153        int not_properly_sorted = 0;
 154        struct tree_desc desc;
 155        unsigned o_mode;
 156        const char *o_name;
 157
 158        init_tree_desc(&desc, item->buffer, item->size);
 159
 160        o_mode = 0;
 161        o_name = NULL;
 162
 163        while (desc.size) {
 164                unsigned mode;
 165                const char *name;
 166                const unsigned char *sha1;
 167
 168                sha1 = tree_entry_extract(&desc, &name, &mode);
 169
 170                has_null_sha1 |= is_null_sha1(sha1);
 171                has_full_path |= !!strchr(name, '/');
 172                has_empty_name |= !*name;
 173                has_dot |= !strcmp(name, ".");
 174                has_dotdot |= !strcmp(name, "..");
 175                has_dotgit |= (!strcmp(name, ".git") ||
 176                               is_hfs_dotgit(name) ||
 177                               is_ntfs_dotgit(name));
 178                has_zero_pad |= *(char *)desc.buffer == '0';
 179                update_tree_entry(&desc);
 180
 181                switch (mode) {
 182                /*
 183                 * Standard modes..
 184                 */
 185                case S_IFREG | 0755:
 186                case S_IFREG | 0644:
 187                case S_IFLNK:
 188                case S_IFDIR:
 189                case S_IFGITLINK:
 190                        break;
 191                /*
 192                 * This is nonstandard, but we had a few of these
 193                 * early on when we honored the full set of mode
 194                 * bits..
 195                 */
 196                case S_IFREG | 0664:
 197                        if (!strict)
 198                                break;
 199                default:
 200                        has_bad_modes = 1;
 201                }
 202
 203                if (o_name) {
 204                        switch (verify_ordered(o_mode, o_name, mode, name)) {
 205                        case TREE_UNORDERED:
 206                                not_properly_sorted = 1;
 207                                break;
 208                        case TREE_HAS_DUPS:
 209                                has_dup_entries = 1;
 210                                break;
 211                        default:
 212                                break;
 213                        }
 214                }
 215
 216                o_mode = mode;
 217                o_name = name;
 218        }
 219
 220        retval = 0;
 221        if (has_null_sha1)
 222                retval += error_func(&item->object, FSCK_WARN, "contains entries pointing to null sha1");
 223        if (has_full_path)
 224                retval += error_func(&item->object, FSCK_WARN, "contains full pathnames");
 225        if (has_empty_name)
 226                retval += error_func(&item->object, FSCK_WARN, "contains empty pathname");
 227        if (has_dot)
 228                retval += error_func(&item->object, FSCK_WARN, "contains '.'");
 229        if (has_dotdot)
 230                retval += error_func(&item->object, FSCK_WARN, "contains '..'");
 231        if (has_dotgit)
 232                retval += error_func(&item->object, FSCK_WARN, "contains '.git'");
 233        if (has_zero_pad)
 234                retval += error_func(&item->object, FSCK_WARN, "contains zero-padded file modes");
 235        if (has_bad_modes)
 236                retval += error_func(&item->object, FSCK_WARN, "contains bad file modes");
 237        if (has_dup_entries)
 238                retval += error_func(&item->object, FSCK_ERROR, "contains duplicate file entries");
 239        if (not_properly_sorted)
 240                retval += error_func(&item->object, FSCK_ERROR, "not properly sorted");
 241        return retval;
 242}
 243
 244static int verify_headers(const void *data, unsigned long size,
 245                          struct object *obj, fsck_error error_func)
 246{
 247        const char *buffer = (const char *)data;
 248        unsigned long i;
 249
 250        for (i = 0; i < size; i++) {
 251                switch (buffer[i]) {
 252                case '\0':
 253                        return error_func(obj, FSCK_ERROR,
 254                                "unterminated header: NUL at offset %d", i);
 255                case '\n':
 256                        if (i + 1 < size && buffer[i + 1] == '\n')
 257                                return 0;
 258                }
 259        }
 260
 261        /*
 262         * We did not find double-LF that separates the header
 263         * and the body.  Not having a body is not a crime but
 264         * we do want to see the terminating LF for the last header
 265         * line.
 266         */
 267        if (size && buffer[size - 1] == '\n')
 268                return 0;
 269
 270        return error_func(obj, FSCK_ERROR, "unterminated header");
 271}
 272
 273static int fsck_ident(const char **ident, struct object *obj, fsck_error error_func)
 274{
 275        char *end;
 276
 277        if (**ident == '<')
 278                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
 279        *ident += strcspn(*ident, "<>\n");
 280        if (**ident == '>')
 281                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad name");
 282        if (**ident != '<')
 283                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing email");
 284        if ((*ident)[-1] != ' ')
 285                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
 286        (*ident)++;
 287        *ident += strcspn(*ident, "<>\n");
 288        if (**ident != '>')
 289                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad email");
 290        (*ident)++;
 291        if (**ident != ' ')
 292                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before date");
 293        (*ident)++;
 294        if (**ident == '0' && (*ident)[1] != ' ')
 295                return error_func(obj, FSCK_ERROR, "invalid author/committer line - zero-padded date");
 296        if (date_overflows(strtoul(*ident, &end, 10)))
 297                return error_func(obj, FSCK_ERROR, "invalid author/committer line - date causes integer overflow");
 298        if (end == *ident || *end != ' ')
 299                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad date");
 300        *ident = end + 1;
 301        if ((**ident != '+' && **ident != '-') ||
 302            !isdigit((*ident)[1]) ||
 303            !isdigit((*ident)[2]) ||
 304            !isdigit((*ident)[3]) ||
 305            !isdigit((*ident)[4]) ||
 306            ((*ident)[5] != '\n'))
 307                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad time zone");
 308        (*ident) += 6;
 309        return 0;
 310}
 311
 312static int fsck_commit_buffer(struct commit *commit, const char *buffer,
 313        unsigned long size, fsck_error error_func)
 314{
 315        unsigned char tree_sha1[20], sha1[20];
 316        struct commit_graft *graft;
 317        unsigned parent_count, parent_line_count = 0;
 318        int err;
 319
 320        if (verify_headers(buffer, size, &commit->object, error_func))
 321                return -1;
 322
 323        if (!skip_prefix(buffer, "tree ", &buffer))
 324                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'tree' line");
 325        if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n')
 326                return error_func(&commit->object, FSCK_ERROR, "invalid 'tree' line format - bad sha1");
 327        buffer += 41;
 328        while (skip_prefix(buffer, "parent ", &buffer)) {
 329                if (get_sha1_hex(buffer, sha1) || buffer[40] != '\n')
 330                        return error_func(&commit->object, FSCK_ERROR, "invalid 'parent' line format - bad sha1");
 331                buffer += 41;
 332                parent_line_count++;
 333        }
 334        graft = lookup_commit_graft(commit->object.sha1);
 335        parent_count = commit_list_count(commit->parents);
 336        if (graft) {
 337                if (graft->nr_parent == -1 && !parent_count)
 338                        ; /* shallow commit */
 339                else if (graft->nr_parent != parent_count)
 340                        return error_func(&commit->object, FSCK_ERROR, "graft objects missing");
 341        } else {
 342                if (parent_count != parent_line_count)
 343                        return error_func(&commit->object, FSCK_ERROR, "parent objects missing");
 344        }
 345        if (!skip_prefix(buffer, "author ", &buffer))
 346                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'author' line");
 347        err = fsck_ident(&buffer, &commit->object, error_func);
 348        if (err)
 349                return err;
 350        if (!skip_prefix(buffer, "committer ", &buffer))
 351                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'committer' line");
 352        err = fsck_ident(&buffer, &commit->object, error_func);
 353        if (err)
 354                return err;
 355        if (!commit->tree)
 356                return error_func(&commit->object, FSCK_ERROR, "could not load commit's tree %s", sha1_to_hex(tree_sha1));
 357
 358        return 0;
 359}
 360
 361static int fsck_commit(struct commit *commit, const char *data,
 362        unsigned long size, fsck_error error_func)
 363{
 364        const char *buffer = data ?  data : get_commit_buffer(commit, &size);
 365        int ret = fsck_commit_buffer(commit, buffer, size, error_func);
 366        if (!data)
 367                unuse_commit_buffer(commit, buffer);
 368        return ret;
 369}
 370
 371static int fsck_tag_buffer(struct tag *tag, const char *data,
 372        unsigned long size, fsck_error error_func)
 373{
 374        unsigned char sha1[20];
 375        int ret = 0;
 376        const char *buffer;
 377        char *to_free = NULL, *eol;
 378        struct strbuf sb = STRBUF_INIT;
 379
 380        if (data)
 381                buffer = data;
 382        else {
 383                enum object_type type;
 384
 385                buffer = to_free =
 386                        read_sha1_file(tag->object.sha1, &type, &size);
 387                if (!buffer)
 388                        return error_func(&tag->object, FSCK_ERROR,
 389                                "cannot read tag object");
 390
 391                if (type != OBJ_TAG) {
 392                        ret = error_func(&tag->object, FSCK_ERROR,
 393                                "expected tag got %s",
 394                            typename(type));
 395                        goto done;
 396                }
 397        }
 398
 399        if (verify_headers(buffer, size, &tag->object, error_func))
 400                goto done;
 401
 402        if (!skip_prefix(buffer, "object ", &buffer)) {
 403                ret = error_func(&tag->object, FSCK_ERROR, "invalid format - expected 'object' line");
 404                goto done;
 405        }
 406        if (get_sha1_hex(buffer, sha1) || buffer[40] != '\n') {
 407                ret = error_func(&tag->object, FSCK_ERROR, "invalid 'object' line format - bad sha1");
 408                goto done;
 409        }
 410        buffer += 41;
 411
 412        if (!skip_prefix(buffer, "type ", &buffer)) {
 413                ret = error_func(&tag->object, FSCK_ERROR, "invalid format - expected 'type' line");
 414                goto done;
 415        }
 416        eol = strchr(buffer, '\n');
 417        if (!eol) {
 418                ret = error_func(&tag->object, FSCK_ERROR, "invalid format - unexpected end after 'type' line");
 419                goto done;
 420        }
 421        if (type_from_string_gently(buffer, eol - buffer, 1) < 0)
 422                ret = error_func(&tag->object, FSCK_ERROR, "invalid 'type' value");
 423        if (ret)
 424                goto done;
 425        buffer = eol + 1;
 426
 427        if (!skip_prefix(buffer, "tag ", &buffer)) {
 428                ret = error_func(&tag->object, FSCK_ERROR, "invalid format - expected 'tag' line");
 429                goto done;
 430        }
 431        eol = strchr(buffer, '\n');
 432        if (!eol) {
 433                ret = error_func(&tag->object, FSCK_ERROR, "invalid format - unexpected end after 'type' line");
 434                goto done;
 435        }
 436        strbuf_addf(&sb, "refs/tags/%.*s", (int)(eol - buffer), buffer);
 437        if (check_refname_format(sb.buf, 0))
 438                error_func(&tag->object, FSCK_WARN, "invalid 'tag' name: %.*s",
 439                           (int)(eol - buffer), buffer);
 440        buffer = eol + 1;
 441
 442        if (!skip_prefix(buffer, "tagger ", &buffer))
 443                /* early tags do not contain 'tagger' lines; warn only */
 444                error_func(&tag->object, FSCK_WARN, "invalid format - expected 'tagger' line");
 445        else
 446                ret = fsck_ident(&buffer, &tag->object, error_func);
 447
 448done:
 449        strbuf_release(&sb);
 450        free(to_free);
 451        return ret;
 452}
 453
 454static int fsck_tag(struct tag *tag, const char *data,
 455        unsigned long size, fsck_error error_func)
 456{
 457        struct object *tagged = tag->tagged;
 458
 459        if (!tagged)
 460                return error_func(&tag->object, FSCK_ERROR, "could not load tagged object");
 461
 462        return fsck_tag_buffer(tag, data, size, error_func);
 463}
 464
 465int fsck_object(struct object *obj, void *data, unsigned long size,
 466        int strict, fsck_error error_func)
 467{
 468        if (!obj)
 469                return error_func(obj, FSCK_ERROR, "no valid object to fsck");
 470
 471        if (obj->type == OBJ_BLOB)
 472                return 0;
 473        if (obj->type == OBJ_TREE)
 474                return fsck_tree((struct tree *) obj, strict, error_func);
 475        if (obj->type == OBJ_COMMIT)
 476                return fsck_commit((struct commit *) obj, (const char *) data,
 477                        size, error_func);
 478        if (obj->type == OBJ_TAG)
 479                return fsck_tag((struct tag *) obj, (const char *) data,
 480                        size, error_func);
 481
 482        return error_func(obj, FSCK_ERROR, "unknown type '%d' (internal fsck error)",
 483                          obj->type);
 484}
 485
 486int fsck_error_function(struct object *obj, int type, const char *fmt, ...)
 487{
 488        va_list ap;
 489        struct strbuf sb = STRBUF_INIT;
 490
 491        strbuf_addf(&sb, "object %s:", sha1_to_hex(obj->sha1));
 492
 493        va_start(ap, fmt);
 494        strbuf_vaddf(&sb, fmt, ap);
 495        va_end(ap);
 496
 497        error("%s", sb.buf);
 498        strbuf_release(&sb);
 499        return 1;
 500}