From: "Omar Polo"
Subject: Re: fix off-by-one causing invalid deltas
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Mon, 21 Jul 2025 23:39:10 +0200

Stefan Sperling wrote:
> I found a separate bug while trying to write a test for the problem
> reported by Aaron.
>
> When deltification attempts to stretch a common block of data to the
> maximum possible size, we have an off-by-one which can cause the block
> to be larger than the maximum block size which can be represented in
> an encoded delta. The result is an invalid delta which does not copy
> enough data and gets flagged by both gotadmin indexpack and git index-pack.
>
> The new regression test included with this patch triggers the problem:
>
> got-index-pack: delta application result size mismatch: \
> actual: 65536 expected: 16777216: bad delta
>
> 16777216 in the error above equals (1 << 24)
>
> The problem is on this line, where we effectively need - 2 instead of - 1:
>
> while (buf_equal && *blocklen < (1 << 24) - 1) {
>
> Also, the inner loop which runs (*blocklen)++ without a bounds check
> could end up moving *blocklen way past the limit.
>
> I am including the diff I already sent earlier with Subject
> "delta.c overrides errors in some cases"
> because diagnostic changes I made depend on this other diff.
> I would commit them separately.
>
> ok?

Another great catch! :)

Diffs look good to me, ok op@

(and sorry that I missed the "delta.c overrides errors in some cases")
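The failure mode in Stefan's report, worked through as an added example. This is not got's delta.c and not the patch under review; it is a simplified model written for this note. The block-stretching loop compares the two inputs in 4096-byte chunks and, like the bug described above, checks the cap only between chunks, so a run of identical data can push the length to exactly 1 << 24. The copy-op encoder and parser follow the git pack delta format (an opcode byte with bit 7 set, up to four offset bytes and up to three size bytes, zero bytes omitted, and a size field of zero meaning 0x10000): a length of 1 << 24 has no bits in the low 24, so it is emitted with no size bytes and decodes as 65536, which is the "actual: 65536 expected: 16777216" pair in the got-index-pack error. The names, the CHUNK size and the bounds_in_inner_loop switch are this example's own; the fixed variant caps the length per byte rather than reproducing the exact "- 2" change in got.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* A delta copy op carries its length in a 24-bit field, so this is the
 * largest block one copy op can describe. */
#define DELTA_MAX_COPY_LEN ((1u << 24) - 1)

/* Bytes compared per outer-loop iteration; models reading both files in
 * chunks. Chosen for this example, not taken from got. */
#define CHUNK 4096

/*
 * Grow a common block at a[0..] / b[0..] for as long as both buffers agree.
 * With bounds_in_inner_loop == 0 the cap is checked only between chunks
 * (the bug); with it set, every byte is checked, so the block never
 * exceeds DELTA_MAX_COPY_LEN.
 */
static uint32_t
stretch_block(const unsigned char *a, const unsigned char *b, size_t avail,
    int bounds_in_inner_loop)
{
	uint32_t blocklen = 0;
	int buf_equal = 1;

	while (buf_equal && blocklen < DELTA_MAX_COPY_LEN) {
		size_t i, n = avail - blocklen;

		if (n == 0)
			break;
		if (n > CHUNK)
			n = CHUNK;
		for (i = 0; i < n; i++) {
			if (bounds_in_inner_loop &&
			    blocklen >= DELTA_MAX_COPY_LEN)
				break;
			if (a[blocklen] != b[blocklen]) {
				buf_equal = 0;
				break;
			}
			blocklen++;
		}
	}
	return blocklen;
}

/* Emit a git-style copy op into out (needs room for 8 bytes); bits 0-3 of
 * the opcode flag which offset bytes follow, bits 4-6 which size bytes.
 * Bits of len above 24 are simply dropped. Returns the op's length. */
static size_t
emit_copy_op(uint32_t off, uint32_t len, unsigned char *out)
{
	unsigned char op = 0x80;
	size_t n = 1;
	int i;

	for (i = 0; i < 4; i++) {
		unsigned char byte = (off >> (8 * i)) & 0xff;
		if (byte) {
			op |= 1 << i;
			out[n++] = byte;
		}
	}
	for (i = 0; i < 3; i++) {
		unsigned char byte = (len >> (8 * i)) & 0xff;
		if (byte) {
			op |= 1 << (4 + i);
			out[n++] = byte;
		}
	}
	out[0] = op;
	return n;
}

/* Parse a copy op as a delta consumer would; a zero size means 0x10000. */
static size_t
parse_copy_op(const unsigned char *in, uint32_t *off, uint32_t *len)
{
	unsigned char op = in[0];
	size_t n = 1;
	int i;

	*off = 0;
	*len = 0;
	for (i = 0; i < 4; i++)
		if (op & (1 << i))
			*off |= (uint32_t)in[n++] << (8 * i);
	for (i = 0; i < 3; i++)
		if (op & (1 << (4 + i)))
			*len |= (uint32_t)in[n++] << (8 * i);
	if (*len == 0)
		*len = 0x10000;
	return n;
}

/* Length a consumer would actually copy for a block of the given length. */
static uint32_t
copy_len_roundtrip(uint32_t len)
{
	unsigned char buf[8];
	uint32_t off, out;

	emit_copy_op(0, len, buf);
	parse_copy_op(buf, &off, &out);
	return out;
}

/* Stretch over two identical (constructed, all-zero) buffers slightly
 * larger than 16 MiB and report the resulting block length. */
static uint32_t
stretch_len(int bounds_in_inner_loop)
{
	size_t avail = (1u << 24) + CHUNK;
	unsigned char *a = calloc(avail, 1), *b = calloc(avail, 1);
	uint32_t len = 0;

	if (a != NULL && b != NULL)
		len = stretch_block(a, b, avail, bounds_in_inner_loop);
	free(a);
	free(b);
	return len;
}

static uint32_t
decoded_len(int bounds_in_inner_loop)
{
	return copy_len_roundtrip(stretch_len(bounds_in_inner_loop));
}

int
main(void)
{
	/* buggy: stretched 16777216 bytes, copy op decodes to 65536 */
	printf("buggy: stretched %u bytes, copy op decodes to %u\n",
	    stretch_len(0), decoded_len(0));
	/* fixed: stretched 16777215 bytes, copy op decodes to 16777215 */
	printf("fixed: stretched %u bytes, copy op decodes to %u\n",
	    stretch_len(1), decoded_len(1));
	return 0;
}
```

The point to check in a deltifier is therefore not only the bound on the outer loop but that no path increments the length past the encodable maximum before the next check; a length of exactly 1 << 24 is the worst case because it does not fail to encode, it silently becomes a 64 KiB copy and is only caught when the delta is applied.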