Document why header parsing won't exceed a window.
When we parse the object header or the delta base reference we
don't bother to loop over use_pack() calls.  The reason we don't
need to bother with calling use_pack for each byte accessed is that
use_pack will always promise us at least 20 bytes (really the hash
size) after the offset.  This promise from use_pack simplifies a
lot of code in the header parsing logic, as well as helps out the
zlib library by ensuring there's always some data for it to consume
during an inflate call.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
Shawn O. Pearce authored and Junio C Hamano committed Dec 29, 2006
1 parent 079afb1 commit 8d8a4ea
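
The bound the commit message relies on, as an added example that is not part of the commit or of git's source: a header parser that never reads past `left` bytes, plus the arithmetic for how many size bits a 20-byte header can carry. The names `parse_obj_header` and `header_size_bits` and the sample bytes are assumptions made for illustration; the layout (type in bits 6..4, 4 low size bits, 7 size bits per continuation byte) is git's pack object header encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size bits an n-byte header can carry: 4 in the first byte, 7 in each later one. */
static unsigned header_size_bits(unsigned n)
{
	return n ? 4 + 7 * (n - 1) : 0;
}

/* Hypothetical helper, not git's code: decode a pack object header from buf,
 * reading at most `left` bytes. Returns the bytes consumed, or 0 when the
 * header is truncated or the size does not fit in 64 bits. */
static size_t parse_obj_header(const unsigned char *buf, size_t left,
                               unsigned *type, uint64_t *size)
{
	size_t used = 0;
	unsigned shift = 4;
	unsigned char c;

	if (left == 0)
		return 0;
	c = buf[used++];
	*type = (c >> 4) & 7;            /* bits 6..4: object type */
	*size = c & 15;                  /* bits 3..0: low size bits */
	while (c & 0x80) {               /* bit 7: another byte follows */
		uint64_t chunk;
		if (used >= left)            /* next read would leave the window */
			return 0;
		c = buf[used++];
		chunk = c & 0x7f;
		if (shift >= 64 || (chunk << shift) >> shift != chunk)
			return 0;                /* size bits would be lost */
		*size |= chunk << shift;
		shift += 7;
	}
	return used;
}

int main(void)
{
	/* Constructed sample: type 1, size 165, encoded in two bytes. */
	const unsigned char sample[] = { 0x95, 0x0a };
	unsigned type;
	uint64_t size;
	size_t used = parse_obj_header(sample, sizeof(sample), &type, &size);
	printf("used=%zu type=%u size=%llu bits(20)=%u\n", used, type,
	       (unsigned long long)size, header_size_bits(20));
	return 0;
}
```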
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions sha1_file.c
Expand Up @@ -903,10 +903,12 @@ static unsigned long get_delta_base(struct packed_git *p,
unsigned char *base_info = use_pack(p, w_curs, offset, NULL);
unsigned long base_offset;

/* there must be at least 20 bytes left regardless of delta type */
if (p->pack_size <= offset + 20)
die("truncated pack file");

/* use_pack() assured us we have [base_info, base_info + 20)
* as a range that we can look at without walking off the
* end of the mapped window. Its actually the hash size
* that is assured. An OFS_DELTA longer than the hash size
* is stupid, as then a REF_DELTA would be smaller to store.
*/
if (kind == OBJ_OFS_DELTA) {
unsigned used = 0;
unsigned char c = base_info[used++];
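Review bot: the subject line says this only documents existing behaviour, but the line counts for this hunk (10 before, 12 after, with 4 deletions in the commit) indicate that the `if (p->pack_size <= offset + 20) die("truncated pack file");` check is dropped here in favour of the new comment, and the commit message does not mention removing a runtime check. Either keep the check or state, in the message and in the comment, where use_pack() itself fails on a pack with fewer than 20 bytes after `offset`. The comment also mixes a literal 20 in `[base_info, base_info + 20)` with "actually the hash size"; pick one as the stated guarantee. "Its actually" should read "It's actually".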
Expand Down Expand Up @@ -1009,6 +1011,12 @@ static unsigned long unpack_object_header(struct packed_git *p,
unsigned int left;
unsigned long used;

/* use_pack() assures us we have [base, base + 20) available
* as a range that we can look at at. (Its actually the hash
* size that is assurred.) With our object header encoding
* the maximum deflated object size is 2^137, which is just
* insane, so we know won't exceed what we have been given.
*/
base = use_pack(p, w_curs, offset, &left);
used = unpack_object_header_gently(base, left, type, sizep);
if (!used)
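Review bot: the new comment above the use_pack() call justifies the bound with "the maximum deflated object size is 2^137" but never says how that follows from 20 bytes; spell out that the first header byte carries 4 size bits and each further byte 7, so 20 bytes cover 4 + 19*7 = 137 bits. Because the call directly below passes `left` to unpack_object_header_gently(), the comment should also say whether the parser is bounded by `left` or by the 20-byte promise. Wording: "look at at" has a doubled word, "Its" should be "It's", "assurred" is misspelled, and "so we know won't exceed" is missing a "we".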