From 9064d87b06f3d0b4ca0aabb45770eefb84fc3ca2 Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Sat, 25 Aug 2007 03:26:04 -0400 Subject: [PATCH] Don't segfault if we failed to inflate a packed delta Under some types of packfile corruption the zlib stream holding the data for a delta within a packfile may fail to inflate, due to say a CRC failure within the compressed data itself. When this occurs the unpack_compressed_entry function will return NULL as a signal to the caller that the data is not available. Unfortunately we then tried to use that NULL as though it referenced a memory location where a delta was stored and tried to apply it to the delta base. Loading a byte from the NULL address typically causes a SIGSEGV. cate on #git noticed this failure in `git fsck --full` where the call to verify_pack() first noticed that the packfile was corrupt by finding that the packfile's SHA-1 did not match the raw data of the file. After finding this fsck went ahead and tried to verify every object within the packfile, even though the packfile was already known to be bad. If we are going to shovel bad data at the delta unpacking code, we better handle it correctly. Signed-off-by: Shawn O. Pearce Signed-off-by: Junio C Hamano --- sha1_file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sha1_file.c b/sha1_file.c index b219d4d5f2..9978a58da6 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -1570,6 +1570,10 @@ static void *unpack_delta_entry(struct packed_git *p, (uintmax_t)base_offset, p->pack_name); delta_data = unpack_compressed_entry(p, w_curs, curpos, delta_size); + if (!delta_data) + die("failed to unpack compressed delta" + " at %"PRIuMAX" from %s", + (uintmax_t)curpos, p->pack_name); result = patch_delta(base, base_size, delta_data, delta_size, sizep);