3 test_description
='bounds-checking of access to mmapped on-disk file formats'
7 test_when_finished
'restore_base' &&
12 cp base-backup
/* .git
/objects
/pack
/
16 pack_objects
=$1; shift
18 for i
in $pack_objects
21 done | git pack-objects
"$@" .git
/objects
/pack
/pack
23 pack
=.git
/objects
/pack
/pack-
$sha1.pack
&&
24 idx
=.git
/objects
/pack
/pack-
$sha1.idx
&&
25 chmod +w
$pack $idx &&
26 test_when_finished
'rm -f "$pack" "$idx"'
30 printf "$3" |
dd of
="$1" bs
=1 conv
=notrunc seek
=$2
33 # Offset in a v2 .idx to its initial and extended offset tables. For an index
34 # with "nr" objects, this is:
36 # magic(4) + version(4) + fan-out(4*256) + sha1s(20*nr) + crc(4*nr),
38 # for the initial, and another ofs(4*nr) past that for the extended.
41 echo $
((4 + 4 + 4*256 + $
(test_oid rawsz
)*$1 + 4*$1))
44 echo $
(($
(ofs_table
"$1") + 4*$1))
47 test_expect_success
'setup' '
57 test_expect_success
'set up base packfile and variables' '
58 # the hash of this content starts with ff, which
59 # makes some later computations much simpler
60 echo $(test_oid oidfff) >file &&
64 base=$(echo .git/objects/pack/*) &&
67 cp $base base-backup/ &&
68 object=$(git rev-parse HEAD:file)
71 test_expect_success
'pack/index object count mismatch' '
73 munge $pack 8 "\377\0\0\0" &&
76 # We enumerate the objects from the completely-fine
77 # .idx, but notice later that the .pack is bogus
78 # and fail to show any data.
79 echo "$object missing" >expect &&
80 git cat-file --batch-all-objects --batch-check >actual &&
81 test_cmp expect actual &&
83 # ...and here fail to load the object (without segfaulting),
84 # but fallback to a good copy if available.
85 test_must_fail git cat-file blob $object &&
87 git cat-file blob $object >actual &&
88 test_cmp file actual &&
90 # ...and make sure that index-pack --verify, which has its
91 # own reading routines, does not segfault.
92 test_must_fail git index-pack --verify $pack
95 test_expect_success
'matched bogus object count' '
97 munge $pack 8 "\377\0\0\0" &&
98 munge $idx $((255 * 4)) "\377\0\0\0" &&
101 # Unlike above, we should notice early that the .idx is totally
102 # bogus, and not even enumerate its contents.
103 git cat-file --batch-all-objects --batch-check >actual &&
104 test_must_be_empty actual &&
106 # But as before, we can do the same object-access checks.
107 test_must_fail git cat-file blob $object &&
109 git cat-file blob $object >actual &&
110 test_cmp file actual &&
112 test_must_fail git index-pack --verify $pack
115 # Note that we cannot check the fallback case for these
116 # further .idx tests, as we notice the problem in functions
117 # whose interface doesn't allow an error return (like use_pack()),
118 # and thus we just die().
120 # There's also no point in doing enumeration tests, as
121 # we are munging offsets here, which are about looking up
124 test_expect_success
'bogus object offset (v1)' '
125 do_pack $object --index-version=1 &&
126 munge $idx $((4 * 256)) "\377\0\0\0" &&
128 test_must_fail git cat-file blob $object &&
129 test_must_fail git index-pack --verify $pack
132 test_expect_success
'bogus object offset (v2, no msb)' '
133 do_pack $object --index-version=2 &&
134 munge $idx $(ofs_table 1) "\0\377\0\0" &&
136 test_must_fail git cat-file blob $object &&
137 test_must_fail git index-pack --verify $pack
140 test_expect_success
'bogus offset into v2 extended table' '
141 do_pack $object --index-version=2 &&
142 munge $idx $(ofs_table 1) "\377\0\0\0" &&
144 test_must_fail git cat-file blob $object &&
145 test_must_fail git index-pack --verify $pack
148 test_expect_success
'bogus offset inside v2 extended table' '
149 # We need two objects here, so we can plausibly require
150 # an extended table (if the first object were larger than 2^31).
152 # Note that the value is important here. We want $object as
153 # the second entry in sorted-hash order. The hash of this object starts
154 # with "000", which sorts before that of $object (which starts
156 second=$(test_oid oid000 | git hash-object -w --stdin) &&
157 do_pack "$object $second" --index-version=2 &&
159 # We have to make extra room for the table, so we cannot
160 # just munge in place as usual.
162 dd if=$idx bs=1 count=$(($(ofs_table 2) + 4)) &&
163 printf "\200\0\0\0" &&
164 printf "\377\0\0\0\0\0\0\0" &&
165 dd if=$idx bs=1 skip=$(extended_table 2)
169 test_must_fail git cat-file blob $object &&
170 test_must_fail git index-pack --verify $pack
173 test_expect_success
'bogus OFS_DELTA in packfile' '
174 # Generate a pack with a delta in it.
175 base=$(test-tool genrandom foo 3000 | git hash-object --stdin -w) &&
176 delta=$(test-tool genrandom foo 2000 | git hash-object --stdin -w) &&
177 do_pack "$base $delta" --delta-base-offset &&
178 rm -f .git/objects/??/* &&
180 # Double check that we have the delta we expect.
181 echo $base >expect &&
182 echo $delta | git cat-file --batch-check="%(deltabase)" >actual &&
183 test_cmp expect actual &&
185 # Now corrupt it. We assume the varint size for the delta is small
186 # enough to fit in the first byte (which it should be, since it
187 # is a pure deletion from the base), and that original ofs_delta
188 # takes 2 bytes (which it should, as it should be ~3000).
189 ofs=$(git show-index <$idx | grep $delta | cut -d" " -f1) &&
190 munge $pack $(($ofs + 1)) "\177\377" &&
191 test_must_fail git cat-file blob $delta >/dev/null