1#include "cache.h"
2#include "pack.h"
3#include "pack-revindex.h"
4#include "progress.h"
56
struct idx_entry {
7off_t offset;
8const unsigned char *sha1;
9unsigned int nr;
10};
1112
static int compare_entries(const void *e1, const void *e2)
13{
14const struct idx_entry *entry1 = e1;
15const struct idx_entry *entry2 = e2;
16if (entry1->offset < entry2->offset)
17return -1;
18if (entry1->offset > entry2->offset)
19return 1;
20return 0;
21}
2223
int check_pack_crc(struct packed_git *p, struct pack_window **w_curs,
24off_t offset, off_t len, unsigned int nr)
25{
26const uint32_t *index_crc;
27uint32_t data_crc = crc32(0, NULL, 0);
2829
do {
30unsigned long avail;
31void *data = use_pack(p, w_curs, offset, &avail);
32if (avail > len)
33avail = len;
34data_crc = crc32(data_crc, data, avail);
35offset += avail;
36len -= avail;
37} while (len);
3839
index_crc = p->index_data;
40index_crc += 2 + 256 + p->num_objects * (20/4) + nr;
4142
return data_crc != ntohl(*index_crc);
43}
4445
static int verify_packfile(struct packed_git *p,
46struct pack_window **w_curs,
47verify_fn fn,
48struct progress *progress, uint32_t base_count)
4950
{
51off_t index_size = p->index_size;
52const unsigned char *index_base = p->index_data;
53git_SHA_CTX ctx;
54unsigned char sha1[20], *pack_sig;
55off_t offset = 0, pack_sig_ofs = 0;
56uint32_t nr_objects, i;
57int err = 0;
58struct idx_entry *entries;
5960
/* Note that the pack header checks are actually performed by
61* use_pack when it first opens the pack file. If anything
62* goes wrong during those checks then the call will die out
63* immediately.
64*/
6566
git_SHA1_Init(&ctx);
67do {
68unsigned long remaining;
69unsigned char *in = use_pack(p, w_curs, offset, &remaining);
70offset += remaining;
71if (!pack_sig_ofs)
72pack_sig_ofs = p->pack_size - 20;
73if (offset > pack_sig_ofs)
74remaining -= (unsigned int)(offset - pack_sig_ofs);
75git_SHA1_Update(&ctx, in, remaining);
76} while (offset < pack_sig_ofs);
77git_SHA1_Final(sha1, &ctx);
78pack_sig = use_pack(p, w_curs, pack_sig_ofs, NULL);
79if (hashcmp(sha1, pack_sig))
80err = error("%s SHA1 checksum mismatch",
81p->pack_name);
82if (hashcmp(index_base + index_size - 40, pack_sig))
83err = error("%s SHA1 does not match its index",
84p->pack_name);
85unuse_pack(w_curs);
8687
/* Make sure everything reachable from idx is valid. Since we
88* have verified that nr_objects matches between idx and pack,
89* we do not do scan-streaming check on the pack file.
90*/
91nr_objects = p->num_objects;
92ALLOC_ARRAY(entries, nr_objects + 1);
93entries[nr_objects].offset = pack_sig_ofs;
94/* first sort entries by pack offset, since unpacking them is more efficient that way */
95for (i = 0; i < nr_objects; i++) {
96entries[i].sha1 = nth_packed_object_sha1(p, i);
97if (!entries[i].sha1)
98die("internal error pack-check nth-packed-object");
99entries[i].offset = nth_packed_object_offset(p, i);
100entries[i].nr = i;
101}
102QSORT(entries, nr_objects, compare_entries);
103104
for (i = 0; i < nr_objects; i++) {
105void *data;
106enum object_type type;
107unsigned long size;
108off_t curpos;
109int data_valid;
110111
if (p->index_version > 1) {
112off_t offset = entries[i].offset;
113off_t len = entries[i+1].offset - offset;
114unsigned int nr = entries[i].nr;
115if (check_pack_crc(p, w_curs, offset, len, nr))
116err = error("index CRC mismatch for object %s "
117"from %s at offset %"PRIuMAX"",
118sha1_to_hex(entries[i].sha1),
119p->pack_name, (uintmax_t)offset);
120}
121122
curpos = entries[i].offset;
123type = unpack_object_header(p, w_curs, &curpos, &size);
124unuse_pack(w_curs);
125126
if (type == OBJ_BLOB && big_file_threshold <= size) {
127/*
128* Let check_sha1_signature() check it with
129* the streaming interface; no point slurping
130* the data in-core only to discard.
131*/
132data = NULL;
133data_valid = 0;
134} else {
135data = unpack_entry(p, entries[i].offset, &type, &size);
136data_valid = 1;
137}
138139
if (data_valid && !data)
140err = error("cannot unpack %s from %s at offset %"PRIuMAX"",
141sha1_to_hex(entries[i].sha1), p->pack_name,
142(uintmax_t)entries[i].offset);
143else if (check_sha1_signature(entries[i].sha1, data, size, typename(type)))
144err = error("packed %s from %s is corrupt",
145sha1_to_hex(entries[i].sha1), p->pack_name);
146else if (fn) {
147int eaten = 0;
148err |= fn(entries[i].sha1, type, size, data, &eaten);
149if (eaten)
150data = NULL;
151}
152if (((base_count + i) & 1023) == 0)
153display_progress(progress, base_count + i);
154free(data);
155156
}
157display_progress(progress, base_count + i);
158free(entries);
159160
return err;
161}
162163
int verify_pack_index(struct packed_git *p)
164{
165off_t index_size;
166const unsigned char *index_base;
167git_SHA_CTX ctx;
168unsigned char sha1[20];
169int err = 0;
170171
if (open_pack_index(p))
172return error("packfile %s index not opened", p->pack_name);
173index_size = p->index_size;
174index_base = p->index_data;
175176
/* Verify SHA1 sum of the index file */
177git_SHA1_Init(&ctx);
178git_SHA1_Update(&ctx, index_base, (unsigned int)(index_size - 20));
179git_SHA1_Final(sha1, &ctx);
180if (hashcmp(sha1, index_base + index_size - 20))
181err = error("Packfile index for %s SHA1 mismatch",
182p->pack_name);
183return err;
184}
185186
int verify_pack(struct packed_git *p, verify_fn fn,
187struct progress *progress, uint32_t base_count)
188{
189int err = 0;
190struct pack_window *w_curs = NULL;
191192
err |= verify_pack_index(p);
193if (!p->index_data)
194return -1;
195196
err |= verify_packfile(p, &w_curs, fn, progress, base_count);
197unuse_pack(&w_curs);
198199
return err;
200}