From: Stefan Sperling
Subject: fix crash during pack creation in ports.git
To: gameoftrees@openbsd.org
Date: Mon, 9 Jan 2023 16:49:11 +0100
While testing my gotd-session patch with ports.git I came across unrelated bugs which are fixed by the three commits below. The bugs are triggered by a PLIST file in the ports tree which is 8.5MB in size and hence exceeds GOT_DELTA_RESULT_SIZE_CACHED_MAX. To understand the 3rd and final fix, it helps to look at what got_object_read_raw() in object_parse.c is doing with max_in_mem_size. With these changes, gotd can serve clones of ports.git successfully. ok?
-----------------------------------------------
commit a2f9c136c5777848486b295515520f53091b7a8d
from: Stefan Sperling
date: Mon Jan 9 15:44:12 2023 UTC
fix *size not being passed out of read_packed_object_raw()
diff 0b3f028dffa4ecc7aa72dc9132d53e9d056cc36f a2f9c136c5777848486b295515520f53091b7a8d
commit - 0b3f028dffa4ecc7aa72dc9132d53e9d056cc36f
commit + a2f9c136c5777848486b295515520f53091b7a8d
blob - d9f3910f84cec758f9f922c95b27d9d4d35e5151
blob + a03f6638af6fa2dafb07d148594a09931cb82389
--- lib/object_open_io.c
+++ lib/object_open_io.c
@@ -218,6 +218,7 @@ read_packed_object_raw(uint8_t **outbuf, off_t *size,
 accumfile);
 if (err) goto done;
+ *size = obj->size;
 }
 *hdrlen = obj->hdrlen;
-----------------------------------------------
commit 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
from: Stefan Sperling
date: Mon Jan 9 15:44:12 2023 UTC
adjust a misleading error message in got_object_raw_alloc()
diff a2f9c136c5777848486b295515520f53091b7a8d 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
commit - a2f9c136c5777848486b295515520f53091b7a8d
commit + 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
blob - 9834b049e72a099055a8c44dc2b896abe7ad2ec3
blob + 54e293a9edcae0e19c86ba7f2094cf5c456ff12a
--- lib/object.c
+++ lib/object.c
@@ -981,7 +981,8 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 }
 if (sb.st_size != tot) {
- err = got_error(GOT_ERR_PRIVSEP_LEN);
+ err = got_error_msg(GOT_ERR_BAD_OBJ_HDR,
+ "raw object has unexpected size");
 goto done;
 }
 #ifndef GOT_PACK_NO_MMAP
-----------------------------------------------
commit 7bc3baa6dc994b548ed7f19455989f81eb44b2e7 (main)
from: Stefan Sperling
date: Mon Jan 9 15:44:12 2023 UTC
use a caller-specified size limit for mapped files in got_object_raw_alloc()
Without this we end up being confused about whether a raw object has been mapped into memory, leading to crashes.
diff 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38 7bc3baa6dc994b548ed7f19455989f81eb44b2e7
commit - 234a4cbbd6b652ec211442cfd4c468e6e8e8ef38
commit + 7bc3baa6dc994b548ed7f19455989f81eb44b2e7
blob - f0d614fbd97c672d8ebb6442ea09ea11e0d3e929
blob + 0272a5dfbad3568d5ae28e7d1c782d936770da89
--- lib/got_lib_object.h
+++ lib/got_lib_object.h
@@ -155,4 +155,4 @@ const struct got_error *got_object_raw_alloc(struct go
 struct got_packidx *, struct got_repository *);
 const struct got_error *got_object_raw_alloc(struct got_raw_object **,
- uint8_t *, int *, size_t, off_t);
+ uint8_t *, int *, size_t, size_t, off_t);
blob - 54e293a9edcae0e19c86ba7f2094cf5c456ff12a
blob + 52e7c967c9cc041ec94d6baa8ab706eb7434b845
--- lib/object.c
+++ lib/object.c
@@ -956,7 +956,7 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 const struct got_error *
 got_object_raw_alloc(struct got_raw_object **obj, uint8_t *outbuf, int *outfd,
- size_t hdrlen, off_t size)
+ size_t max_in_mem_size, size_t hdrlen, off_t size)
 {
 const struct got_error *err = NULL;
 off_t tot;
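Review bot: The new message in the `sb.st_size != tot` branch of got_object_raw_alloc() (lib/object.c, hunk at -981 in the second commit) does not say which two sizes disagreed, which is the first thing needed when triaging a truncated or oversized temporary file. Consider `err = got_error_fmt(GOT_ERR_BAD_OBJ_HDR, "raw object has unexpected size %lld, expected %lld", (long long)sb.st_size, (long long)tot);`. The function starts and ends outside this hunk; the type of `tot` is taken from the `off_t tot;` declaration visible in the -956 hunk.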
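Review bot: The updated prototype in lib/got_lib_object.h now reads `size_t, size_t, off_t` with no parameter names, so nothing at the declaration tells a caller that the limit comes before the header length, and swapping the two compiles cleanly. Naming the parameters there, `uint8_t *outbuf, int *outfd, size_t max_in_mem_size, size_t hdrlen, off_t size);`, would make the order checkable by eye. The definition in the lib/object.c hunk at -956 would also benefit from a one-line comment stating that `max_in_mem_size` is the largest total size that will be mmap'd. A swapped pair would turn the header length into the mapping threshold, so this is more than cosmetic.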
@@ -986,7 +986,7 @@ got_object_raw_alloc(struct got_raw_object **obj, uint
 goto done;
 }
 #ifndef GOT_PACK_NO_MMAP
- if (tot > 0 && tot <= SIZE_MAX) {
+ if (tot > 0 && tot <= max_in_mem_size) {
 (*obj)->data = mmap(NULL, tot, PROT_READ, MAP_PRIVATE, *outfd, 0);
 if ((*obj)->data == MAP_FAILED) {
blob - a03f6638af6fa2dafb07d148594a09931cb82389
blob + 312719b3bcc84abe056dab97015657c4a30442f6
--- lib/object_open_io.c
+++ lib/object_open_io.c
@@ -311,7 +311,8 @@ got_object_raw_open(struct got_raw_object **obj, int *
 goto done;
 }
- err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+ err = got_object_raw_alloc(obj, outbuf, outfd,
+ GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 if (err) goto done;
blob - 6f73aedbe642980b4fa794ca183e7f24c6239c85
blob + 86db216cc1bca6e3651b62b90bb2d68c238065dd
--- lib/object_open_privsep.c
+++ lib/object_open_privsep.c
@@ -509,7 +509,8 @@ got_object_raw_open(struct got_raw_object **obj, int *
 goto done;
 }
- err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+ err = got_object_raw_alloc(obj, outbuf, outfd,
+ GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 if (err) goto done;
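Review bot: The `tot <= max_in_mem_size` test in got_object_raw_alloc() (lib/object.c, hunk at -986) is only correct while the limit passed in equals the one the reading side applied when it chose between filling `outbuf` and spilling to `outfd`, and nothing in the new code records that dependency. Both got_object_raw_open() callers (the lib/object_open_io.c and lib/object_open_privsep.c hunks) repeat `GOT_DELTA_RESULT_SIZE_CACHED_MAX` by hand. In the privsep variant the reader is presumably a separate helper process, so a later change on either side would reintroduce the mapped-or-not confusion without any compile-time signal. I would add a comment above the check, e.g. `/* max_in_mem_size must equal the limit the reader applied (see got_object_read_raw()); larger objects are not mmap'd here. */`, and confirm that the reader uses the same inclusive boundary. All three functions continue outside their hunks.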