sha1_file: Fix infinite loop when pack is corrupted
[gitweb.git] / builtin-pack-objects.c
index 5fc1b8c6fb8273c6957ab9d0d98b9b4150843fc5..02f9246cdb29903e9d7aafe47604f6882a3e7f86 100644 (file)
 #include <pthread.h>
 #endif
 
-static const char pack_usage[] = "\
-git pack-objects [{ -q | --progress | --all-progress }] \n\
-       [--max-pack-size=N] [--local] [--incremental] \n\
-       [--window=N] [--window-memory=N] [--depth=N] \n\
-       [--no-reuse-delta] [--no-reuse-object] [--delta-base-offset] \n\
-       [--threads=N] [--non-empty] [--revs [--unpacked | --all]*] [--reflog] \n\
-       [--stdout | base-name] [--include-tag] \n\
-       [--keep-unreachable | --unpack-unreachable] \n\
-       [<ref-list | <object-list]";
+static const char pack_usage[] =
+  "git pack-objects [{ -q | --progress | --all-progress }]\n"
+  "        [--max-pack-size=N] [--local] [--incremental]\n"
+  "        [--window=N] [--window-memory=N] [--depth=N]\n"
+  "        [--no-reuse-delta] [--no-reuse-object] [--delta-base-offset]\n"
+  "        [--threads=N] [--non-empty] [--revs [--unpacked | --all]*]\n"
+  "        [--reflog] [--stdout | base-name] [--include-tag]\n"
+  "        [--keep-unreachable | --unpack-unreachable \n"
+  "        [<ref-list | <object-list]";
 
 struct object_entry {
        struct pack_idx_entry idx;
@@ -71,13 +71,14 @@ static int reuse_delta = 1, reuse_object = 1;
 static int keep_unreachable, unpack_unreachable, include_tag;
 static int local;
 static int incremental;
+static int ignore_packed_keep;
 static int allow_ofs_delta;
 static const char *base_name;
 static int progress = 1;
 static int window = 10;
 static uint32_t pack_size_limit, pack_size_limit_cfg;
 static int depth = 50;
-static int delta_search_threads = 1;
+static int delta_search_threads;
 static int pack_to_stdout;
 static int num_preferred_base;
 static struct progress *progress_state;
@@ -85,7 +86,7 @@ static int pack_compression_level = Z_DEFAULT_COMPRESSION;
 static int pack_compression_seen;
 
 static unsigned long delta_cache_size = 0;
-static unsigned long max_delta_cache_size = 0;
+static unsigned long max_delta_cache_size = 256 * 1024 * 1024;
 static unsigned long cache_max_small_delta_size = 1000;
 
 static unsigned long window_memory_limit = 0;
@@ -194,16 +195,16 @@ static int check_pack_inflate(struct packed_git *p,
        int st;
 
        memset(&stream, 0, sizeof(stream));
-       inflateInit(&stream);
+       git_inflate_init(&stream);
        do {
                in = use_pack(p, w_curs, offset, &stream.avail_in);
                stream.next_in = in;
                stream.next_out = fakebuf;
                stream.avail_out = sizeof(fakebuf);
-               st = inflate(&stream, Z_FINISH);
+               st = git_inflate(&stream, Z_FINISH);
                offset += stream.next_in - in;
        } while (st == Z_OK || st == Z_BUF_ERROR);
-       inflateEnd(&stream);
+       git_inflate_end(&stream);
        return (st == Z_STREAM_END &&
                stream.total_out == expect &&
                stream.total_in == len) ? 0 : -1;
@@ -245,8 +246,16 @@ static unsigned long write_object(struct sha1file *f,
        type = entry->type;
 
        /* write limit if limited packsize and not first object */
-       limit = pack_size_limit && nr_written ?
-                       pack_size_limit - write_offset : 0;
+       if (!pack_size_limit || !nr_written)
+               limit = 0;
+       else if (pack_size_limit <= write_offset)
+               /*
+                * the earlier object did not fit the limit; avoid
+                * mistaking this with unlimited (i.e. limit = 0).
+                */
+               limit = 1;
+       else
+               limit = pack_size_limit - write_offset;
 
        if (!entry->delta)
                usable_delta = 0;       /* no delta */
@@ -277,13 +286,14 @@ static unsigned long write_object(struct sha1file *f,
                                 */
 
        if (!to_reuse) {
+               no_reuse:
                if (!usable_delta) {
                        buf = read_sha1_file(entry->idx.sha1, &type, &size);
                        if (!buf)
                                die("unable to read %s", sha1_to_hex(entry->idx.sha1));
                        /*
                         * make sure no cached delta data remains from a
-                        * previous attempt before a pack split occured.
+                        * previous attempt before a pack split occurred.
                         */
                        free(entry->delta_data);
                        entry->delta_data = NULL;
@@ -358,46 +368,60 @@ static unsigned long write_object(struct sha1file *f,
                struct revindex_entry *revidx;
                off_t offset;
 
-               if (entry->delta) {
+               if (entry->delta)
                        type = (allow_ofs_delta && entry->delta->idx.offset) ?
                                OBJ_OFS_DELTA : OBJ_REF_DELTA;
-                       reused_delta++;
-               }
                hdrlen = encode_header(type, entry->size, header);
+
                offset = entry->in_pack_offset;
                revidx = find_pack_revindex(p, offset);
                datalen = revidx[1].offset - offset;
                if (!pack_to_stdout && p->index_version > 1 &&
-                   check_pack_crc(p, &w_curs, offset, datalen, revidx->nr))
-                       die("bad packed object CRC for %s", sha1_to_hex(entry->idx.sha1));
+                   check_pack_crc(p, &w_curs, offset, datalen, revidx->nr)) {
+                       error("bad packed object CRC for %s", sha1_to_hex(entry->idx.sha1));
+                       unuse_pack(&w_curs);
+                       goto no_reuse;
+               }
+
                offset += entry->in_pack_header_size;
                datalen -= entry->in_pack_header_size;
+               if (!pack_to_stdout && p->index_version == 1 &&
+                   check_pack_inflate(p, &w_curs, offset, datalen, entry->size)) {
+                       error("corrupt packed object for %s", sha1_to_hex(entry->idx.sha1));
+                       unuse_pack(&w_curs);
+                       goto no_reuse;
+               }
+
                if (type == OBJ_OFS_DELTA) {
                        off_t ofs = entry->idx.offset - entry->delta->idx.offset;
                        unsigned pos = sizeof(dheader) - 1;
                        dheader[pos] = ofs & 127;
                        while (ofs >>= 7)
                                dheader[--pos] = 128 | (--ofs & 127);
-                       if (limit && hdrlen + sizeof(dheader) - pos + datalen + 20 >= limit)
+                       if (limit && hdrlen + sizeof(dheader) - pos + datalen + 20 >= limit) {
+                               unuse_pack(&w_curs);
                                return 0;
+                       }
                        sha1write(f, header, hdrlen);
                        sha1write(f, dheader + pos, sizeof(dheader) - pos);
                        hdrlen += sizeof(dheader) - pos;
+                       reused_delta++;
                } else if (type == OBJ_REF_DELTA) {
-                       if (limit && hdrlen + 20 + datalen + 20 >= limit)
+                       if (limit && hdrlen + 20 + datalen + 20 >= limit) {
+                               unuse_pack(&w_curs);
                                return 0;
+                       }
                        sha1write(f, header, hdrlen);
                        sha1write(f, entry->delta->idx.sha1, 20);
                        hdrlen += 20;
+                       reused_delta++;
                } else {
-                       if (limit && hdrlen + datalen + 20 >= limit)
+                       if (limit && hdrlen + datalen + 20 >= limit) {
+                               unuse_pack(&w_curs);
                                return 0;
+                       }
                        sha1write(f, header, hdrlen);
                }
-
-               if (!pack_to_stdout && p->index_version == 1 &&
-                   check_pack_inflate(p, &w_curs, offset, datalen, entry->size))
-                       die("corrupt packed object for %s", sha1_to_hex(entry->idx.sha1));
                copy_pack_data(f, p, &w_curs, offset, datalen);
                unuse_pack(&w_curs);
                reused++;
@@ -464,9 +488,8 @@ static void write_pack_file(void)
                } else {
                        char tmpname[PATH_MAX];
                        int fd;
-                       snprintf(tmpname, sizeof(tmpname),
-                                "%s/tmp_pack_XXXXXX", get_object_directory());
-                       fd = xmkstemp(tmpname);
+                       fd = odb_mkstemp(tmpname, sizeof(tmpname),
+                                        "pack/tmp_pack_XXXXXX");
                        pack_tmp_name = xstrdup(tmpname);
                        f = sha1fd(fd, pack_tmp_name);
                }
@@ -511,12 +534,11 @@ static void write_pack_file(void)
 
                        snprintf(tmpname, sizeof(tmpname), "%s-%s.pack",
                                 base_name, sha1_to_hex(sha1));
+                       free_pack_by_name(tmpname);
                        if (adjust_perm(pack_tmp_name, mode))
-                               die("unable to make temporary pack file readable: %s",
-                                   strerror(errno));
+                               die_errno("unable to make temporary pack file readable");
                        if (rename(pack_tmp_name, tmpname))
-                               die("unable to rename temporary pack file: %s",
-                                   strerror(errno));
+                               die_errno("unable to rename temporary pack file");
 
                        /*
                         * Packs are runtime accessed in their mtime
@@ -542,11 +564,9 @@ static void write_pack_file(void)
                        snprintf(tmpname, sizeof(tmpname), "%s-%s.idx",
                                 base_name, sha1_to_hex(sha1));
                        if (adjust_perm(idx_tmp_name, mode))
-                               die("unable to make temporary index file readable: %s",
-                                   strerror(errno));
+                               die_errno("unable to make temporary index file readable");
                        if (rename(idx_tmp_name, tmpname))
-                               die("unable to rename temporary index file: %s",
-                                   strerror(errno));
+                               die_errno("unable to rename temporary index file");
 
                        free(idx_tmp_name);
                        free(pack_tmp_name);
@@ -629,8 +649,7 @@ static void rehash_objects(void)
 
 static unsigned name_hash(const char *name)
 {
-       unsigned char c;
-       unsigned hash = 0;
+       unsigned c, hash = 0;
 
        if (!name)
                return 0;
@@ -690,6 +709,9 @@ static int add_object_entry(const unsigned char *sha1, enum object_type type,
                return 0;
        }
 
+       if (!exclude && local && has_loose_object_nonlocal(sha1))
+               return 0;
+
        for (p = packed_git; p; p = p->next) {
                off_t offset = find_pack_entry_one(sha1, p);
                if (offset) {
@@ -703,6 +725,8 @@ static int add_object_entry(const unsigned char *sha1, enum object_type type,
                                return 0;
                        if (local && !p->pack_local)
                                return 0;
+                       if (ignore_packed_keep && p->pack_local && p->pack_keep)
+                               return 0;
                }
        }
 
@@ -984,6 +1008,33 @@ static void add_preferred_base(unsigned char *sha1)
        it->pcache.tree_size = size;
 }
 
+static void cleanup_preferred_base(void)
+{
+       struct pbase_tree *it;
+       unsigned i;
+
+       it = pbase_tree;
+       pbase_tree = NULL;
+       while (it) {
+               struct pbase_tree *this = it;
+               it = this->next;
+               free(this->pcache.tree_data);
+               free(this);
+       }
+
+       for (i = 0; i < ARRAY_SIZE(pbase_tree_cache); i++) {
+               if (!pbase_tree_cache[i])
+                       continue;
+               free(pbase_tree_cache[i]->tree_data);
+               free(pbase_tree_cache[i]);
+               pbase_tree_cache[i] = NULL;
+       }
+
+       free(done_pbase_paths);
+       done_pbase_paths = NULL;
+       done_pbase_paths_num = done_pbase_paths_alloc = 0;
+}
+
 static void check_object(struct object_entry *entry)
 {
        if (entry->in_pack) {
@@ -1002,9 +1053,11 @@ static void check_object(struct object_entry *entry)
                 * We want in_pack_type even if we do not reuse delta
                 * since non-delta representations could still be reused.
                 */
-               used = unpack_object_header_gently(buf, avail,
+               used = unpack_object_header_buffer(buf, avail,
                                                   &entry->in_pack_type,
                                                   &entry->size);
+               if (used == 0)
+                       goto give_up;
 
                /*
                 * Determine if this is a delta and if so whether we can
@@ -1016,6 +1069,8 @@ static void check_object(struct object_entry *entry)
                        /* Not a delta hence we've already got all we need. */
                        entry->type = entry->in_pack_type;
                        entry->in_pack_header_size = used;
+                       if (entry->type < OBJ_COMMIT || entry->type > OBJ_BLOB)
+                               goto give_up;
                        unuse_pack(&w_curs);
                        return;
                case OBJ_REF_DELTA:
@@ -1032,19 +1087,25 @@ static void check_object(struct object_entry *entry)
                        ofs = c & 127;
                        while (c & 128) {
                                ofs += 1;
-                               if (!ofs || MSB(ofs, 7))
-                                       die("delta base offset overflow in pack for %s",
-                                           sha1_to_hex(entry->idx.sha1));
+                               if (!ofs || MSB(ofs, 7)) {
+                                       error("delta base offset overflow in pack for %s",
+                                             sha1_to_hex(entry->idx.sha1));
+                                       goto give_up;
+                               }
                                c = buf[used_0++];
                                ofs = (ofs << 7) + (c & 127);
                        }
-                       if (ofs >= entry->in_pack_offset)
-                               die("delta base offset out of bound for %s",
-                                   sha1_to_hex(entry->idx.sha1));
                        ofs = entry->in_pack_offset - ofs;
+                       if (ofs <= 0 || ofs >= entry->in_pack_offset) {
+                               error("delta base offset out of bound for %s",
+                                     sha1_to_hex(entry->idx.sha1));
+                               goto give_up;
+                       }
                        if (reuse_delta && !entry->preferred_base) {
                                struct revindex_entry *revidx;
                                revidx = find_pack_revindex(p, ofs);
+                               if (!revidx)
+                                       goto give_up;
                                base_ref = nth_packed_object_sha1(p, revidx->nr);
                        }
                        entry->in_pack_header_size = used + used_0;
@@ -1064,6 +1125,7 @@ static void check_object(struct object_entry *entry)
                         */
                        entry->type = entry->in_pack_type;
                        entry->delta = base_entry;
+                       entry->delta_size = entry->size;
                        entry->delta_sibling = base_entry->delta_child;
                        base_entry->delta_child = entry;
                        unuse_pack(&w_curs);
@@ -1078,6 +1140,8 @@ static void check_object(struct object_entry *entry)
                         */
                        entry->size = get_size_from_delta(p, &w_curs,
                                        entry->in_pack_offset + entry->in_pack_header_size);
+                       if (entry->size == 0)
+                               goto give_up;
                        unuse_pack(&w_curs);
                        return;
                }
@@ -1087,6 +1151,7 @@ static void check_object(struct object_entry *entry)
                 * with sha1_object_info() to find about the object type
                 * at this point...
                 */
+               give_up:
                unuse_pack(&w_curs);
        }
 
@@ -1250,7 +1315,7 @@ static int try_delta(struct unpacked *trg, struct unpacked *src,
                max_size = trg_entry->delta_size;
                ref_depth = trg->depth;
        }
-       max_size = max_size * (max_depth - src->depth) /
+       max_size = (uint64_t)max_size * (max_depth - src->depth) /
                                                (max_depth - ref_depth + 1);
        if (max_size == 0)
                return 0;
@@ -1369,15 +1434,13 @@ static void find_deltas(struct object_entry **list, unsigned *list_size,
                        int window, int depth, unsigned *processed)
 {
        uint32_t i, idx = 0, count = 0;
-       unsigned int array_size = window * sizeof(struct unpacked);
        struct unpacked *array;
        unsigned long mem_usage = 0;
 
-       array = xmalloc(array_size);
-       memset(array, 0, array_size);
+       array = xcalloc(window, sizeof(struct unpacked));
 
        for (;;) {
-               struct object_entry *entry = *list++;
+               struct object_entry *entry;
                struct unpacked *n = array + idx;
                int j, max_depth, best_base = -1;
 
@@ -1386,6 +1449,7 @@ static void find_deltas(struct object_entry **list, unsigned *list_size,
                        progress_unlock();
                        break;
                }
+               entry = *list++;
                (*list_size)--;
                if (!entry->preferred_base) {
                        (*processed)++;
@@ -1562,18 +1626,26 @@ static void *threaded_find_deltas(void *arg)
 static void ll_find_deltas(struct object_entry **list, unsigned list_size,
                           int window, int depth, unsigned *processed)
 {
-       struct thread_params p[delta_search_threads];
+       struct thread_params *p;
        int i, ret, active_threads = 0;
 
        if (delta_search_threads <= 1) {
                find_deltas(list, &list_size, window, depth, processed);
                return;
        }
+       if (progress > pack_to_stdout)
+               fprintf(stderr, "Delta compression using up to %d threads.\n",
+                               delta_search_threads);
+       p = xcalloc(delta_search_threads, sizeof(*p));
 
        /* Partition the work amongst work threads. */
        for (i = 0; i < delta_search_threads; i++) {
                unsigned sub_size = list_size / (delta_search_threads - i);
 
+               /* don't use too small segments or no deltas will be found */
+               if (sub_size < 2*window && i+1 < delta_search_threads)
+                       sub_size = 0;
+
                p[i].window = window;
                p[i].depth = depth;
                p[i].processed = processed;
@@ -1673,6 +1745,7 @@ static void ll_find_deltas(struct object_entry **list, unsigned list_size,
                        active_threads--;
                }
        }
+       free(p);
 }
 
 #else
@@ -1699,6 +1772,16 @@ static void prepare_pack(int window, int depth)
 
        get_object_details();
 
+       /*
+        * If we're locally repacking then we need to be doubly careful
+        * from now on in order to make sure no stealth corruption gets
+        * propagated to the new pack.  Clients receiving streamed packs
+        * should validate everything they get anyway so no need to incur
+        * the additional cost here in that case.
+        */
+       if (!pack_to_stdout)
+               do_check_packed_object_crc = 1;
+
        if (!nr_objects || !window || !depth)
                return;
 
@@ -1754,7 +1837,7 @@ static void prepare_pack(int window, int depth)
 
 static int git_pack_config(const char *k, const char *v, void *cb)
 {
-       if(!strcmp(k, "pack.window")) {
+       if (!strcmp(k, "pack.window")) {
                window = git_config_int(k, v);
                return 0;
        }
@@ -1821,7 +1904,7 @@ static void read_object_list_from_stdin(void)
                        if (!ferror(stdin))
                                die("fgets returned NULL, not EOF, not error!");
                        if (errno != EINTR)
-                               die("fgets: %s", strerror(errno));
+                               die_errno("fgets");
                        clearerr(stdin);
                        continue;
                }
@@ -1842,17 +1925,25 @@ static void read_object_list_from_stdin(void)
 
 #define OBJECT_ADDED (1u<<20)
 
-static void show_commit(struct commit *commit)
+static void show_commit(struct commit *commit, void *data)
 {
        add_object_entry(commit->object.sha1, OBJ_COMMIT, NULL, 0);
        commit->object.flags |= OBJECT_ADDED;
 }
 
-static void show_object(struct object_array_entry *p)
+static void show_object(struct object *obj, const struct name_path *path, const char *last)
 {
-       add_preferred_base_object(p->name);
-       add_object_entry(p->item->sha1, p->item->type, p->name, 0);
-       p->item->flags |= OBJECT_ADDED;
+       char *name = path_name(path, last);
+
+       add_preferred_base_object(name);
+       add_object_entry(obj->sha1, obj->type, name, 0);
+       obj->flags |= OBJECT_ADDED;
+
+       /*
+        * We will have generated the hash from the name,
+        * but not saved a pointer to it - we can free it
+        */
+       free((char *)name);
 }
 
 static void show_edge(struct commit *commit)
@@ -1907,11 +1998,7 @@ static void add_objects_in_unpacked_packs(struct rev_info *revs)
                const unsigned char *sha1;
                struct object *o;
 
-               for (i = 0; i < revs->num_ignore_packed; i++) {
-                       if (matches_pack_name(p, revs->ignore_packed[i]))
-                               break;
-               }
-               if (revs->num_ignore_packed <= i)
+               if (!p->pack_local || p->pack_keep)
                        continue;
                if (open_pack_index(p))
                        die("cannot open pack index");
@@ -1940,6 +2027,29 @@ static void add_objects_in_unpacked_packs(struct rev_info *revs)
        free(in_pack.array);
 }
 
+static int has_sha1_pack_kept_or_nonlocal(const unsigned char *sha1)
+{
+       static struct packed_git *last_found = (void *)1;
+       struct packed_git *p;
+
+       p = (last_found != (void *)1) ? last_found : packed_git;
+
+       while (p) {
+               if ((!p->pack_local || p->pack_keep) &&
+                       find_pack_entry_one(sha1, p)) {
+                       last_found = p;
+                       return 1;
+               }
+               if (p == last_found)
+                       p = packed_git;
+               else
+                       p = p->next;
+               if (p == last_found)
+                       p = p->next;
+       }
+       return 0;
+}
+
 static void loosen_unused_packed_objects(struct rev_info *revs)
 {
        struct packed_git *p;
@@ -1947,11 +2057,7 @@ static void loosen_unused_packed_objects(struct rev_info *revs)
        const unsigned char *sha1;
 
        for (p = packed_git; p; p = p->next) {
-               for (i = 0; i < revs->num_ignore_packed; i++) {
-                       if (matches_pack_name(p, revs->ignore_packed[i]))
-                               break;
-               }
-               if (revs->num_ignore_packed <= i)
+               if (!p->pack_local || p->pack_keep)
                        continue;
 
                if (open_pack_index(p))
@@ -1959,7 +2065,8 @@ static void loosen_unused_packed_objects(struct rev_info *revs)
 
                for (i = 0; i < p->num_objects; i++) {
                        sha1 = nth_packed_object_sha1(p, i);
-                       if (!locate_object_entry(sha1))
+                       if (!locate_object_entry(sha1) &&
+                               !has_sha1_pack_kept_or_nonlocal(sha1))
                                if (force_object_loose(sha1, p->mtime))
                                        die("unable to force loose object");
                }
@@ -1996,7 +2103,7 @@ static void get_object_list(int ac, const char **av)
        if (prepare_revision_walk(&revs))
                die("revision walk setup failed");
        mark_edges_uninteresting(revs.commits, &revs, show_edge);
-       traverse_commit_list(&revs, show_commit, show_object);
+       traverse_commit_list(&revs, show_commit, show_object, NULL);
 
        if (keep_unreachable)
                add_objects_in_unpacked_packs(&revs);
@@ -2020,6 +2127,8 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix)
        int rp_ac_alloc = 64;
        int rp_ac;
 
+       read_replace_refs = 0;
+
        rp_av = xcalloc(rp_ac_alloc, sizeof(*rp_av));
 
        rp_av[0] = "pack-objects";
@@ -2049,6 +2158,10 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix)
                        incremental = 1;
                        continue;
                }
+               if (!strcmp("--honor-pack-keep", arg)) {
+                       ignore_packed_keep = 1;
+                       continue;
+               }
                if (!prefixcmp(arg, "--compression=")) {
                        char *end;
                        int level = strtoul(arg+14, &end, 0);
@@ -2145,7 +2258,6 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix)
                        continue;
                }
                if (!strcmp("--unpacked", arg) ||
-                   !prefixcmp(arg, "--unpacked=") ||
                    !strcmp("--reflog", arg) ||
                    !strcmp("--all", arg)) {
                        use_internal_rev_list = 1;
@@ -2174,6 +2286,10 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix)
                                die("bad %s", arg);
                        continue;
                }
+               if (!strcmp(arg, "--keep-true-parents")) {
+                       grafts_replace_parents = 0;
+                       continue;
+               }
                usage(pack_usage);
        }
 
@@ -2223,6 +2339,7 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix)
                rp_av[rp_ac] = NULL;
                get_object_list(rp_ac, rp_av);
        }
+       cleanup_preferred_base();
        if (include_tag && nr_result)
                for_each_ref(add_ref_tag, NULL);
        stop_progress(&progress_state);