
From:
Stefan Sperling <stsp@stsp.name>
Subject:
fix crash during pack creation in ports.git
To:
gameoftrees@openbsd.org
Date:
Mon, 9 Jan 2023 16:49:11 +0100

While testing my gotd-session patch with ports.git I came across
unrelated bugs which are fixed by the three commits below.

The bugs are triggered by a PLIST file in the ports tree which is
8.5MB in size and hence exceeds GOT_DELTA_RESULT_SIZE_CACHED_MAX.

To understand the 3rd and final fix, it helps to look at what
got_object_read_raw() in object_parse.c is doing with max_in_mem_size.

With these changes, gotd can serve clones of ports.git successfully.

ok?

-----------------------------------------------
commit a2f9c136c5777848486b295515520f53091b7a8d
from: Stefan Sperling <stsp@stsp.name>
date: Mon Jan  9 15:44:12 2023 UTC
 
 fix *size not being passed out of read_packed_object_raw()
 
diff 0b3f028dffa4ecc7aa72dc9132d53e9d056cc36f a2f9c136c5777848486b295515520f53091b7a8d
commit - 0b3f028dffa4ecc7aa72dc9132d53e9d056cc36f
commit + a2f9c136c5777848486b295515520f53091b7a8d
blob - d9f3910f84cec758f9f922c95b27d9d4d35e5151
blob + a03f6638af6fa2dafb07d148594a09931cb82389
--- lib/object_open_io.c
+++ lib/object_open_io.c
@@ -218,6 +218,7 @@ read_packed_object_raw(uint8_t **outbuf, off_t *size, 
 		    accumfile);
 		if (err)
 			goto done;
+		*size = obj->size;
 	}
 
 	*hdrlen = obj->hdrlen;
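Review bot: `*size` is now assigned only on the path that ends at this closing brace, so correctness still depends on every other path through read_packed_object_raw() setting the out-parameter itself. The start of the function and its other branches are outside this hunk, so that cannot be confirmed from here. If the out-parameters are not already initialised at entry, adding `*size = 0;` there would make any path missed in future yield a deterministic value that a later size check can reject, rather than whatever the caller's variable held. A one-line comment above the new assignment, e.g. `/* size is not passed out by the extraction call above; take it from obj */`, would record why this branch needs it, assuming that is the reason.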

-----------------------------------------------
commit 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
from: Stefan Sperling <stsp@stsp.name>
date: Mon Jan  9 15:44:12 2023 UTC
 
 adjust a misleading error message in got_object_raw_alloc()
 
diff a2f9c136c5777848486b295515520f53091b7a8d 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
commit - a2f9c136c5777848486b295515520f53091b7a8d
commit + 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
blob - 9834b049e72a099055a8c44dc2b896abe7ad2ec3
blob + 54e293a9edcae0e19c86ba7f2094cf5c456ff12a
--- lib/object.c
+++ lib/object.c
@@ -981,7 +981,8 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 		}
 
 		if (sb.st_size != tot) {
-			err = got_error(GOT_ERR_PRIVSEP_LEN);
+			err = got_error_msg(GOT_ERR_BAD_OBJ_HDR,
+			    "raw object has unexpected size");
 			goto done;
 		}
 #ifndef GOT_PACK_NO_MMAP
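Review bot: The new message says the size is unexpected but drops the two values being compared, which is the information needed to tell a truncated or modified temporary file from a wrong size handed in by the caller. Since `sb.st_size` and `tot` are both in scope at the check, consider `err = got_error_fmt(GOT_ERR_BAD_OBJ_HDR, "raw object has unexpected size %lld, expected %lld", (long long)sb.st_size, (long long)tot);`. The computation of `tot` is outside this hunk, so whether GOT_ERR_BAD_OBJ_HDR is the best-fitting code for a file-size mismatch is worth a second look too.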

-----------------------------------------------
commit 7bc3baa6dc994b548ed7f19455989f81eb44b2e7 (main)
from: Stefan Sperling <stsp@stsp.name>
date: Mon Jan  9 15:44:12 2023 UTC
 
 use a caller-specified size limit for mapped files in got_object_raw_alloc()
  
 Without this we end up being confused about whether a raw object has
 been mapped into memory, leading to crashes.
 
diff 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38 7bc3baa6dc994b548ed7f19455989f81eb44b2e7
commit - 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
commit + 7bc3baa6dc994b548ed7f19455989f81eb44b2e7
blob - f0d614fbd97c672d8ebb6442ea09ea11e0d3e929
blob + 0272a5dfbad3568d5ae28e7d1c782d936770da89
--- lib/got_lib_object.h
+++ lib/got_lib_object.h
@@ -155,4 +155,4 @@ const struct got_error *got_object_raw_alloc(struct go
     struct got_packidx *, struct got_repository *);
 
 const struct got_error *got_object_raw_alloc(struct got_raw_object **,
-    uint8_t *, int *, size_t, off_t);
+    uint8_t *, int *, size_t, size_t, off_t);
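Review bot: The prototype now has two adjacent unnamed `size_t` parameters, so a call that swaps the memory limit and the header length compiles without a warning and silently changes which objects get mapped. Naming the parameters in the declaration makes the order checkable at a glance: `uint8_t *outbuf, int *outfd, size_t max_in_mem_size, size_t hdrlen, off_t size);`. This applies to both updated call sites in lib/object_open_io.c and lib/object_open_privsep.c, which pass the arguments positionally.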
blob - 54e293a9edcae0e19c86ba7f2094cf5c456ff12a
blob + 52e7c967c9cc041ec94d6baa8ab706eb7434b845
--- lib/object.c
+++ lib/object.c
@@ -956,7 +956,7 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 
 const struct got_error *
 got_object_raw_alloc(struct got_raw_object **obj, uint8_t *outbuf, int *outfd,
-    size_t hdrlen, off_t size)
+    size_t max_in_mem_size, size_t hdrlen, off_t size)
 {
 	const struct got_error *err = NULL;
 	off_t tot;
@@ -986,7 +986,7 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 			goto done;
 		}
 #ifndef GOT_PACK_NO_MMAP
-		if (tot > 0 && tot <= SIZE_MAX) {
+		if (tot > 0 && tot <= max_in_mem_size) {
 			(*obj)->data = mmap(NULL, tot, PROT_READ,
 			    MAP_PRIVATE, *outfd, 0);
 			if ((*obj)->data == MAP_FAILED) {
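Review bot: The condition `tot <= max_in_mem_size` compares a signed `off_t` with an unsigned `size_t`, and it is only safe because `tot > 0` is evaluated first; reordering the two operands would let a negative `tot` convert to a large unsigned value. The threshold is also inclusive and must match, boundary included, whatever test other code uses to decide whether a raw object is mapped or read through the file descriptor, which per the commit message is where the crash came from. A comment above the condition would pin both points, for example `/* tot > 0 must be tested first: off_t vs size_t. The limit must match the one readers use to tell mapped data from fd-backed data. */`. The rest of the mmap branch and any non-mmap fallback are outside this hunk.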
blob - a03f6638af6fa2dafb07d148594a09931cb82389
blob + 312719b3bcc84abe056dab97015657c4a30442f6
--- lib/object_open_io.c
+++ lib/object_open_io.c
@@ -311,7 +311,8 @@ got_object_raw_open(struct got_raw_object **obj, int *
 			goto done;
 	}
 
-	err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+	err = got_object_raw_alloc(obj, outbuf, outfd,
+	    GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 	if (err)
 		goto done;
 
blob - 6f73aedbe642980b4fa794ca183e7f24c6239c85
blob + 86db216cc1bca6e3651b62b90bb2d68c238065dd
--- lib/object_open_privsep.c
+++ lib/object_open_privsep.c
@@ -509,7 +509,8 @@ got_object_raw_open(struct got_raw_object **obj, int *
 			goto done;
 	}
 
-	err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+	err = got_object_raw_alloc(obj, outbuf, outfd,
+	    GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 	if (err)
 		goto done;