bundle.con commit sideband: do not read beyond the end of input (59a255a)
   1#include "cache.h"
   2#include "lockfile.h"
   3#include "bundle.h"
   4#include "object-store.h"
   5#include "repository.h"
   6#include "object.h"
   7#include "commit.h"
   8#include "diff.h"
   9#include "revision.h"
  10#include "list-objects.h"
  11#include "run-command.h"
  12#include "refs.h"
  13#include "argv-array.h"
  14
  15static const char bundle_signature[] = "# v2 git bundle\n";
  16
  17static void add_to_ref_list(const struct object_id *oid, const char *name,
  18                struct ref_list *list)
  19{
  20        ALLOC_GROW(list->list, list->nr + 1, list->alloc);
  21        oidcpy(&list->list[list->nr].oid, oid);
  22        list->list[list->nr].name = xstrdup(name);
  23        list->nr++;
  24}
  25
  26static int parse_bundle_header(int fd, struct bundle_header *header,
  27                               const char *report_path)
  28{
  29        struct strbuf buf = STRBUF_INIT;
  30        int status = 0;
  31
  32        /* The bundle header begins with the signature */
  33        if (strbuf_getwholeline_fd(&buf, fd, '\n') ||
  34            strcmp(buf.buf, bundle_signature)) {
  35                if (report_path)
  36                        error(_("'%s' does not look like a v2 bundle file"),
  37                              report_path);
  38                status = -1;
  39                goto abort;
  40        }
  41
  42        /* The bundle header ends with an empty line */
  43        while (!strbuf_getwholeline_fd(&buf, fd, '\n') &&
  44               buf.len && buf.buf[0] != '\n') {
  45                struct object_id oid;
  46                int is_prereq = 0;
  47                const char *p;
  48
  49                if (*buf.buf == '-') {
  50                        is_prereq = 1;
  51                        strbuf_remove(&buf, 0, 1);
  52                }
  53                strbuf_rtrim(&buf);
  54
  55                /*
  56                 * Tip lines have object name, SP, and refname.
  57                 * Prerequisites have object name that is optionally
  58                 * followed by SP and subject line.
  59                 */
  60                if (parse_oid_hex(buf.buf, &oid, &p) ||
  61                    (*p && !isspace(*p)) ||
  62                    (!is_prereq && !*p)) {
  63                        if (report_path)
  64                                error(_("unrecognized header: %s%s (%d)"),
  65                                      (is_prereq ? "-" : ""), buf.buf, (int)buf.len);
  66                        status = -1;
  67                        break;
  68                } else {
  69                        if (is_prereq)
  70                                add_to_ref_list(&oid, "", &header->prerequisites);
  71                        else
  72                                add_to_ref_list(&oid, p + 1, &header->references);
  73                }
  74        }
  75
  76 abort:
  77        if (status) {
  78                close(fd);
  79                fd = -1;
  80        }
  81        strbuf_release(&buf);
  82        return fd;
  83}
  84
  85int read_bundle_header(const char *path, struct bundle_header *header)
  86{
  87        int fd = open(path, O_RDONLY);
  88
  89        if (fd < 0)
  90                return error(_("could not open '%s'"), path);
  91        return parse_bundle_header(fd, header, path);
  92}
  93
  94int is_bundle(const char *path, int quiet)
  95{
  96        struct bundle_header header;
  97        int fd = open(path, O_RDONLY);
  98
  99        if (fd < 0)
 100                return 0;
 101        memset(&header, 0, sizeof(header));
 102        fd = parse_bundle_header(fd, &header, quiet ? NULL : path);
 103        if (fd >= 0)
 104                close(fd);
 105        return (fd >= 0);
 106}
 107
 108static int list_refs(struct ref_list *r, int argc, const char **argv)
 109{
 110        int i;
 111
 112        for (i = 0; i < r->nr; i++) {
 113                if (argc > 1) {
 114                        int j;
 115                        for (j = 1; j < argc; j++)
 116                                if (!strcmp(r->list[i].name, argv[j]))
 117                                        break;
 118                        if (j == argc)
 119                                continue;
 120                }
 121                printf("%s %s\n", oid_to_hex(&r->list[i].oid),
 122                                r->list[i].name);
 123        }
 124        return 0;
 125}
 126
 127/* Remember to update object flag allocation in object.h */
 128#define PREREQ_MARK (1u<<16)
 129
 130int verify_bundle(struct bundle_header *header, int verbose)
 131{
 132        /*
 133         * Do fast check, then if any prereqs are missing then go line by line
 134         * to be verbose about the errors
 135         */
 136        struct ref_list *p = &header->prerequisites;
 137        struct rev_info revs;
 138        const char *argv[] = {NULL, "--all", NULL};
 139        struct commit *commit;
 140        int i, ret = 0, req_nr;
 141        const char *message = _("Repository lacks these prerequisite commits:");
 142
 143        init_revisions(&revs, NULL);
 144        for (i = 0; i < p->nr; i++) {
 145                struct ref_list_entry *e = p->list + i;
 146                struct object *o = parse_object(the_repository, &e->oid);
 147                if (o) {
 148                        o->flags |= PREREQ_MARK;
 149                        add_pending_object(&revs, o, e->name);
 150                        continue;
 151                }
 152                if (++ret == 1)
 153                        error("%s", message);
 154                error("%s %s", oid_to_hex(&e->oid), e->name);
 155        }
 156        if (revs.pending.nr != p->nr)
 157                return ret;
 158        req_nr = revs.pending.nr;
 159        setup_revisions(2, argv, &revs, NULL);
 160
 161        if (prepare_revision_walk(&revs))
 162                die(_("revision walk setup failed"));
 163
 164        i = req_nr;
 165        while (i && (commit = get_revision(&revs)))
 166                if (commit->object.flags & PREREQ_MARK)
 167                        i--;
 168
 169        for (i = 0; i < p->nr; i++) {
 170                struct ref_list_entry *e = p->list + i;
 171                struct object *o = parse_object(the_repository, &e->oid);
 172                assert(o); /* otherwise we'd have returned early */
 173                if (o->flags & SHOWN)
 174                        continue;
 175                if (++ret == 1)
 176                        error("%s", message);
 177                error("%s %s", oid_to_hex(&e->oid), e->name);
 178        }
 179
 180        /* Clean up objects used, as they will be reused. */
 181        for (i = 0; i < p->nr; i++) {
 182                struct ref_list_entry *e = p->list + i;
 183                commit = lookup_commit_reference_gently(the_repository, &e->oid, 1);
 184                if (commit)
 185                        clear_commit_marks(commit, ALL_REV_FLAGS);
 186        }
 187
 188        if (verbose) {
 189                struct ref_list *r;
 190
 191                r = &header->references;
 192                printf_ln(Q_("The bundle contains this ref:",
 193                             "The bundle contains these %d refs:",
 194                             r->nr),
 195                          r->nr);
 196                list_refs(r, 0, NULL);
 197                r = &header->prerequisites;
 198                if (!r->nr) {
 199                        printf_ln(_("The bundle records a complete history."));
 200                } else {
 201                        printf_ln(Q_("The bundle requires this ref:",
 202                                     "The bundle requires these %d refs:",
 203                                     r->nr),
 204                                  r->nr);
 205                        list_refs(r, 0, NULL);
 206                }
 207        }
 208        return ret;
 209}
 210
 211int list_bundle_refs(struct bundle_header *header, int argc, const char **argv)
 212{
 213        return list_refs(&header->references, argc, argv);
 214}
 215
 216static int is_tag_in_date_range(struct object *tag, struct rev_info *revs)
 217{
 218        unsigned long size;
 219        enum object_type type;
 220        char *buf = NULL, *line, *lineend;
 221        timestamp_t date;
 222        int result = 1;
 223
 224        if (revs->max_age == -1 && revs->min_age == -1)
 225                goto out;
 226
 227        buf = read_object_file(&tag->oid, &type, &size);
 228        if (!buf)
 229                goto out;
 230        line = memmem(buf, size, "\ntagger ", 8);
 231        if (!line++)
 232                goto out;
 233        lineend = memchr(line, '\n', buf + size - line);
 234        line = memchr(line, '>', lineend ? lineend - line : buf + size - line);
 235        if (!line++)
 236                goto out;
 237        date = parse_timestamp(line, NULL, 10);
 238        result = (revs->max_age == -1 || revs->max_age < date) &&
 239                (revs->min_age == -1 || revs->min_age > date);
 240out:
 241        free(buf);
 242        return result;
 243}
 244
 245
 246/* Write the pack data to bundle_fd, then close it if it is > 1. */
 247static int write_pack_data(int bundle_fd, struct rev_info *revs)
 248{
 249        struct child_process pack_objects = CHILD_PROCESS_INIT;
 250        int i;
 251
 252        argv_array_pushl(&pack_objects.args,
 253                         "pack-objects", "--all-progress-implied",
 254                         "--stdout", "--thin", "--delta-base-offset",
 255                         NULL);
 256        pack_objects.in = -1;
 257        pack_objects.out = bundle_fd;
 258        pack_objects.git_cmd = 1;
 259        if (start_command(&pack_objects))
 260                return error(_("Could not spawn pack-objects"));
 261
 262        for (i = 0; i < revs->pending.nr; i++) {
 263                struct object *object = revs->pending.objects[i].item;
 264                if (object->flags & UNINTERESTING)
 265                        write_or_die(pack_objects.in, "^", 1);
 266                write_or_die(pack_objects.in, oid_to_hex(&object->oid), GIT_SHA1_HEXSZ);
 267                write_or_die(pack_objects.in, "\n", 1);
 268        }
 269        close(pack_objects.in);
 270        if (finish_command(&pack_objects))
 271                return error(_("pack-objects died"));
 272        return 0;
 273}
 274
 275static int compute_and_write_prerequisites(int bundle_fd,
 276                                           struct rev_info *revs,
 277                                           int argc, const char **argv)
 278{
 279        struct child_process rls = CHILD_PROCESS_INIT;
 280        struct strbuf buf = STRBUF_INIT;
 281        FILE *rls_fout;
 282        int i;
 283
 284        argv_array_pushl(&rls.args,
 285                         "rev-list", "--boundary", "--pretty=oneline",
 286                         NULL);
 287        for (i = 1; i < argc; i++)
 288                argv_array_push(&rls.args, argv[i]);
 289        rls.out = -1;
 290        rls.git_cmd = 1;
 291        if (start_command(&rls))
 292                return -1;
 293        rls_fout = xfdopen(rls.out, "r");
 294        while (strbuf_getwholeline(&buf, rls_fout, '\n') != EOF) {
 295                struct object_id oid;
 296                if (buf.len > 0 && buf.buf[0] == '-') {
 297                        write_or_die(bundle_fd, buf.buf, buf.len);
 298                        if (!get_oid_hex(buf.buf + 1, &oid)) {
 299                                struct object *object = parse_object_or_die(&oid,
 300                                                                            buf.buf);
 301                                object->flags |= UNINTERESTING;
 302                                add_pending_object(revs, object, buf.buf);
 303                        }
 304                } else if (!get_oid_hex(buf.buf, &oid)) {
 305                        struct object *object = parse_object_or_die(&oid,
 306                                                                    buf.buf);
 307                        object->flags |= SHOWN;
 308                }
 309        }
 310        strbuf_release(&buf);
 311        fclose(rls_fout);
 312        if (finish_command(&rls))
 313                return error(_("rev-list died"));
 314        return 0;
 315}
 316
 317/*
 318 * Write out bundle refs based on the tips already
 319 * parsed into revs.pending. As a side effect, may
 320 * manipulate revs.pending to include additional
 321 * necessary objects (like tags).
 322 *
 323 * Returns the number of refs written, or negative
 324 * on error.
 325 */
 326static int write_bundle_refs(int bundle_fd, struct rev_info *revs)
 327{
 328        int i;
 329        int ref_count = 0;
 330
 331        for (i = 0; i < revs->pending.nr; i++) {
 332                struct object_array_entry *e = revs->pending.objects + i;
 333                struct object_id oid;
 334                char *ref;
 335                const char *display_ref;
 336                int flag;
 337
 338                if (e->item->flags & UNINTERESTING)
 339                        continue;
 340                if (dwim_ref(e->name, strlen(e->name), &oid, &ref) != 1)
 341                        goto skip_write_ref;
 342                if (read_ref_full(e->name, RESOLVE_REF_READING, &oid, &flag))
 343                        flag = 0;
 344                display_ref = (flag & REF_ISSYMREF) ? e->name : ref;
 345
 346                if (e->item->type == OBJ_TAG &&
 347                                !is_tag_in_date_range(e->item, revs)) {
 348                        e->item->flags |= UNINTERESTING;
 349                        goto skip_write_ref;
 350                }
 351
 352                /*
 353                 * Make sure the refs we wrote out is correct; --max-count and
 354                 * other limiting options could have prevented all the tips
 355                 * from getting output.
 356                 *
 357                 * Non commit objects such as tags and blobs do not have
 358                 * this issue as they are not affected by those extra
 359                 * constraints.
 360                 */
 361                if (!(e->item->flags & SHOWN) && e->item->type == OBJ_COMMIT) {
 362                        warning(_("ref '%s' is excluded by the rev-list options"),
 363                                e->name);
 364                        goto skip_write_ref;
 365                }
 366                /*
 367                 * If you run "git bundle create bndl v1.0..v2.0", the
 368                 * name of the positive ref is "v2.0" but that is the
 369                 * commit that is referenced by the tag, and not the tag
 370                 * itself.
 371                 */
 372                if (oidcmp(&oid, &e->item->oid)) {
 373                        /*
 374                         * Is this the positive end of a range expressed
 375                         * in terms of a tag (e.g. v2.0 from the range
 376                         * "v1.0..v2.0")?
 377                         */
 378                        struct commit *one = lookup_commit_reference(the_repository,
 379                                                                     &oid);
 380                        struct object *obj;
 381
 382                        if (e->item == &(one->object)) {
 383                                /*
 384                                 * Need to include e->name as an
 385                                 * independent ref to the pack-objects
 386                                 * input, so that the tag is included
 387                                 * in the output; otherwise we would
 388                                 * end up triggering "empty bundle"
 389                                 * error.
 390                                 */
 391                                obj = parse_object_or_die(&oid, e->name);
 392                                obj->flags |= SHOWN;
 393                                add_pending_object(revs, obj, e->name);
 394                        }
 395                        goto skip_write_ref;
 396                }
 397
 398                ref_count++;
 399                write_or_die(bundle_fd, oid_to_hex(&e->item->oid), 40);
 400                write_or_die(bundle_fd, " ", 1);
 401                write_or_die(bundle_fd, display_ref, strlen(display_ref));
 402                write_or_die(bundle_fd, "\n", 1);
 403 skip_write_ref:
 404                free(ref);
 405        }
 406
 407        /* end header */
 408        write_or_die(bundle_fd, "\n", 1);
 409        return ref_count;
 410}
 411
 412int create_bundle(struct bundle_header *header, const char *path,
 413                  int argc, const char **argv)
 414{
 415        struct lock_file lock = LOCK_INIT;
 416        int bundle_fd = -1;
 417        int bundle_to_stdout;
 418        int ref_count = 0;
 419        struct rev_info revs;
 420
 421        bundle_to_stdout = !strcmp(path, "-");
 422        if (bundle_to_stdout)
 423                bundle_fd = 1;
 424        else {
 425                bundle_fd = hold_lock_file_for_update(&lock, path,
 426                                                      LOCK_DIE_ON_ERROR);
 427
 428                /*
 429                 * write_pack_data() will close the fd passed to it,
 430                 * but commit_lock_file() will also try to close the
 431                 * lockfile's fd. So make a copy of the file
 432                 * descriptor to avoid trying to close it twice.
 433                 */
 434                bundle_fd = dup(bundle_fd);
 435                if (bundle_fd < 0)
 436                        die_errno("unable to dup file descriptor");
 437        }
 438
 439        /* write signature */
 440        write_or_die(bundle_fd, bundle_signature, strlen(bundle_signature));
 441
 442        /* init revs to list objects for pack-objects later */
 443        save_commit_buffer = 0;
 444        init_revisions(&revs, NULL);
 445
 446        /* write prerequisites */
 447        if (compute_and_write_prerequisites(bundle_fd, &revs, argc, argv))
 448                goto err;
 449
 450        argc = setup_revisions(argc, argv, &revs, NULL);
 451
 452        if (argc > 1) {
 453                error(_("unrecognized argument: %s"), argv[1]);
 454                goto err;
 455        }
 456
 457        object_array_remove_duplicates(&revs.pending);
 458
 459        ref_count = write_bundle_refs(bundle_fd, &revs);
 460        if (!ref_count)
 461                die(_("Refusing to create empty bundle."));
 462        else if (ref_count < 0)
 463                goto err;
 464
 465        /* write pack */
 466        if (write_pack_data(bundle_fd, &revs)) {
 467                bundle_fd = -1; /* already closed by the above call */
 468                goto err;
 469        }
 470
 471        if (!bundle_to_stdout) {
 472                if (commit_lock_file(&lock))
 473                        die_errno(_("cannot create '%s'"), path);
 474        }
 475        return 0;
 476err:
 477        if (!bundle_to_stdout) {
 478                if (0 <= bundle_fd)
 479                        close(bundle_fd);
 480                rollback_lock_file(&lock);
 481        }
 482        return -1;
 483}
 484
 485int unbundle(struct bundle_header *header, int bundle_fd, int flags)
 486{
 487        const char *argv_index_pack[] = {"index-pack",
 488                                         "--fix-thin", "--stdin", NULL, NULL};
 489        struct child_process ip = CHILD_PROCESS_INIT;
 490
 491        if (flags & BUNDLE_VERBOSE)
 492                argv_index_pack[3] = "-v";
 493
 494        if (verify_bundle(header, 0))
 495                return -1;
 496        ip.argv = argv_index_pack;
 497        ip.in = bundle_fd;
 498        ip.no_stdout = 1;
 499        ip.git_cmd = 1;
 500        if (run_command(&ip))
 501                return error(_("index-pack died"));
 502        return 0;
 503}