search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
builtin/commit.c: use xstrdup_or_null instead of envdup
[git.git] / sha1_file.c
blobaaa3c52869fdab5ca17872f43fd0354ccb55cb55
1 /*
2 * GIT - The information manager from hell
3 *
4 * Copyright (C) Linus Torvalds, 2005
5 *
6 * This handles basic git sha1 object files - packing, unpacking,
7 * creation etc.
8 */
9 #include "cache.h"
10 #include "string-list.h"
11 #include "delta.h"
12 #include "pack.h"
13 #include "blob.h"
14 #include "commit.h"
15 #include "run-command.h"
16 #include "tag.h"
17 #include "tree.h"
18 #include "tree-walk.h"
19 #include "refs.h"
20 #include "pack-revindex.h"
21 #include "sha1-lookup.h"
22 #include "bulk-checkin.h"
23 #include "streaming.h"
24 #include "dir.h"
25
26 #ifndef O_NOATIME
27 #if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
28 #define O_NOATIME 01000000
29 #else
30 #define O_NOATIME 0
31 #endif
32 #endif
33
34 #define SZ_FMT PRIuMAX
35 static inline uintmax_t sz_fmt(size_t s) { return s; }
36
37 const unsigned char null_sha1[20];
38
39 /*
40 * This is meant to hold a *small* number of objects that you would
41 * want read_sha1_file() to be able to return, but yet you do not want
42 * to write them into the object store (e.g. a browse-only
43 * application).
44 */
45 static struct cached_object {
46 unsigned char sha1[20];
47 enum object_type type;
48 void *buf;
49 unsigned long size;
50 } *cached_objects;
51 static int cached_object_nr, cached_object_alloc;
52
53 static struct cached_object empty_tree = {
54 EMPTY_TREE_SHA1_BIN_LITERAL,
55 OBJ_TREE,
56 "",
57 0
58 };
59
60 /*
61 * A pointer to the last packed_git in which an object was found.
62 * When an object is sought, we look in this packfile first, because
63 * objects that are looked up at similar times are often in the same
64 * packfile as one another.
65 */
66 static struct packed_git *last_found_pack;
67
68 static struct cached_object *find_cached_object(const unsigned char *sha1)
69 {
70 int i;
71 struct cached_object *co = cached_objects;
72
73 for (i = 0; i < cached_object_nr; i++, co++) {
74 if (!hashcmp(co->sha1, sha1))
75 return co;
76 }
77 if (!hashcmp(sha1, empty_tree.sha1))
78 return &empty_tree;
79 return NULL;
80 }
81
82 int mkdir_in_gitdir(const char *path)
83 {
84 if (mkdir(path, 0777)) {
85 int saved_errno = errno;
86 struct stat st;
87 struct strbuf sb = STRBUF_INIT;
88
89 if (errno != EEXIST)
90 return -1;
91 /*
92 * Are we looking at a path in a symlinked worktree
93 * whose original repository does not yet have it?
94 * e.g. .git/rr-cache pointing at its original
95 * repository in which the user hasn't performed any
96 * conflict resolution yet?
97 */
98 if (lstat(path, &st) || !S_ISLNK(st.st_mode) ||
99 strbuf_readlink(&sb, path, st.st_size) ||
100 !is_absolute_path(sb.buf) ||
101 mkdir(sb.buf, 0777)) {
102 strbuf_release(&sb);
103 errno = saved_errno;
104 return -1;
105 }
106 strbuf_release(&sb);
107 }
108 return adjust_shared_perm(path);
109 }
110
111 enum scld_error safe_create_leading_directories(char *path)
112 {
113 char *next_component = path + offset_1st_component(path);
114 enum scld_error ret = SCLD_OK;
115
116 while (ret == SCLD_OK && next_component) {
117 struct stat st;
118 char *slash = next_component, slash_character;
119
120 while (*slash && !is_dir_sep(*slash))
121 slash++;
122
123 if (!*slash)
124 break;
125
126 next_component = slash + 1;
127 while (is_dir_sep(*next_component))
128 next_component++;
129 if (!*next_component)
130 break;
131
132 slash_character = *slash;
133 *slash = '\0';
134 if (!stat(path, &st)) {
135 /* path exists */
136 if (!S_ISDIR(st.st_mode))
137 ret = SCLD_EXISTS;
138 } else if (mkdir(path, 0777)) {
139 if (errno == EEXIST &&
140 !stat(path, &st) && S_ISDIR(st.st_mode))
141 ; /* somebody created it since we checked */
142 else if (errno == ENOENT)
143 /*
144 * Either mkdir() failed because
145 * somebody just pruned the containing
146 * directory, or stat() failed because
147 * the file that was in our way was
148 * just removed. Either way, inform
149 * the caller that it might be worth
150 * trying again:
151 */
152 ret = SCLD_VANISHED;
153 else
154 ret = SCLD_FAILED;
155 } else if (adjust_shared_perm(path)) {
156 ret = SCLD_PERMS;
157 }
158 *slash = slash_character;
159 }
160 return ret;
161 }
162
163 enum scld_error safe_create_leading_directories_const(const char *path)
164 {
165 /* path points to cache entries, so xstrdup before messing with it */
166 char *buf = xstrdup(path);
167 enum scld_error result = safe_create_leading_directories(buf);
168 free(buf);
169 return result;
170 }
171
172 static void fill_sha1_path(char *pathbuf, const unsigned char *sha1)
173 {
174 int i;
175 for (i = 0; i < 20; i++) {
176 static char hex[] = "0123456789abcdef";
177 unsigned int val = sha1[i];
178 char *pos = pathbuf + i*2 + (i > 0);
179 *pos++ = hex[val >> 4];
180 *pos = hex[val & 0xf];
181 }
182 }
183
184 const char *sha1_file_name(const unsigned char *sha1)
185 {
186 static char buf[PATH_MAX];
187 const char *objdir;
188 int len;
189
190 objdir = get_object_directory();
191 len = strlen(objdir);
192
193 /* '/' + sha1(2) + '/' + sha1(38) + '\0' */
194 if (len + 43 > PATH_MAX)
195 die("insanely long object directory %s", objdir);
196 memcpy(buf, objdir, len);
197 buf[len] = '/';
198 buf[len+3] = '/';
199 buf[len+42] = '\0';
200 fill_sha1_path(buf + len + 1, sha1);
201 return buf;
202 }
203
204 /*
205 * Return the name of the pack or index file with the specified sha1
206 * in its filename. *base and *name are scratch space that must be
207 * provided by the caller. which should be "pack" or "idx".
208 */
209 static char *sha1_get_pack_name(const unsigned char *sha1,
210 char **name, char **base, const char *which)
211 {
212 static const char hex[] = "0123456789abcdef";
213 char *buf;
214 int i;
215
216 if (!*base) {
217 const char *sha1_file_directory = get_object_directory();
218 int len = strlen(sha1_file_directory);
219 *base = xmalloc(len + 60);
220 sprintf(*base, "%s/pack/pack-1234567890123456789012345678901234567890.%s",
221 sha1_file_directory, which);
222 *name = *base + len + 11;
223 }
224
225 buf = *name;
226
227 for (i = 0; i < 20; i++) {
228 unsigned int val = *sha1++;
229 *buf++ = hex[val >> 4];
230 *buf++ = hex[val & 0xf];
231 }
232
233 return *base;
234 }
235
236 char *sha1_pack_name(const unsigned char *sha1)
237 {
238 static char *name, *base;
239
240 return sha1_get_pack_name(sha1, &name, &base, "pack");
241 }
242
243 char *sha1_pack_index_name(const unsigned char *sha1)
244 {
245 static char *name, *base;
246
247 return sha1_get_pack_name(sha1, &name, &base, "idx");
248 }
249
250 struct alternate_object_database *alt_odb_list;
251 static struct alternate_object_database **alt_odb_tail;
252
253 /*
254 * Prepare alternate object database registry.
255 *
256 * The variable alt_odb_list points at the list of struct
257 * alternate_object_database. The elements on this list come from
258 * non-empty elements from colon separated ALTERNATE_DB_ENVIRONMENT
259 * environment variable, and $GIT_OBJECT_DIRECTORY/info/alternates,
260 * whose contents is similar to that environment variable but can be
261 * LF separated. Its base points at a statically allocated buffer that
262 * contains "/the/directory/corresponding/to/.git/objects/...", while
263 * its name points just after the slash at the end of ".git/objects/"
264 * in the example above, and has enough space to hold 40-byte hex
265 * SHA1, an extra slash for the first level indirection, and the
266 * terminating NUL.
267 */
268 static int link_alt_odb_entry(const char *entry, const char *relative_base,
269 int depth, const char *normalized_objdir)
270 {
271 struct alternate_object_database *ent;
272 struct alternate_object_database *alt;
273 int pfxlen, entlen;
274 struct strbuf pathbuf = STRBUF_INIT;
275
276 if (!is_absolute_path(entry) && relative_base) {
277 strbuf_addstr(&pathbuf, real_path(relative_base));
278 strbuf_addch(&pathbuf, '/');
279 }
280 strbuf_addstr(&pathbuf, entry);
281
282 normalize_path_copy(pathbuf.buf, pathbuf.buf);
283
284 pfxlen = strlen(pathbuf.buf);
285
286 /*
287 * The trailing slash after the directory name is given by
288 * this function at the end. Remove duplicates.
289 */
290 while (pfxlen && pathbuf.buf[pfxlen-1] == '/')
291 pfxlen -= 1;
292
293 entlen = pfxlen + 43; /* '/' + 2 hex + '/' + 38 hex + NUL */
294 ent = xmalloc(sizeof(*ent) + entlen);
295 memcpy(ent->base, pathbuf.buf, pfxlen);
296 strbuf_release(&pathbuf);
297
298 ent->name = ent->base + pfxlen + 1;
299 ent->base[pfxlen + 3] = '/';
300 ent->base[pfxlen] = ent->base[entlen-1] = 0;
301
302 /* Detect cases where alternate disappeared */
303 if (!is_directory(ent->base)) {
304 error("object directory %s does not exist; "
305 "check .git/objects/info/alternates.",
306 ent->base);
307 free(ent);
308 return -1;
309 }
310
311 /* Prevent the common mistake of listing the same
312 * thing twice, or object directory itself.
313 */
314 for (alt = alt_odb_list; alt; alt = alt->next) {
315 if (pfxlen == alt->name - alt->base - 1 &&
316 !memcmp(ent->base, alt->base, pfxlen)) {
317 free(ent);
318 return -1;
319 }
320 }
321 if (!strcmp_icase(ent->base, normalized_objdir)) {
322 free(ent);
323 return -1;
324 }
325
326 /* add the alternate entry */
327 *alt_odb_tail = ent;
328 alt_odb_tail = &(ent->next);
329 ent->next = NULL;
330
331 /* recursively add alternates */
332 read_info_alternates(ent->base, depth + 1);
333
334 ent->base[pfxlen] = '/';
335
336 return 0;
337 }
338
339 static void link_alt_odb_entries(const char *alt, int len, int sep,
340 const char *relative_base, int depth)
341 {
342 struct string_list entries = STRING_LIST_INIT_NODUP;
343 char *alt_copy;
344 int i;
345 struct strbuf objdirbuf = STRBUF_INIT;
346
347 if (depth > 5) {
348 error("%s: ignoring alternate object stores, nesting too deep.",
349 relative_base);
350 return;
351 }
352
353 strbuf_add_absolute_path(&objdirbuf, get_object_directory());
354 normalize_path_copy(objdirbuf.buf, objdirbuf.buf);
355
356 alt_copy = xmemdupz(alt, len);
357 string_list_split_in_place(&entries, alt_copy, sep, -1);
358 for (i = 0; i < entries.nr; i++) {
359 const char *entry = entries.items[i].string;
360 if (entry[0] == '\0' || entry[0] == '#')
361 continue;
362 if (!is_absolute_path(entry) && depth) {
363 error("%s: ignoring relative alternate object store %s",
364 relative_base, entry);
365 } else {
366 link_alt_odb_entry(entry, relative_base, depth, objdirbuf.buf);
367 }
368 }
369 string_list_clear(&entries, 0);
370 free(alt_copy);
371 strbuf_release(&objdirbuf);
372 }
373
374 void read_info_alternates(const char * relative_base, int depth)
375 {
376 char *map;
377 size_t mapsz;
378 struct stat st;
379 const char alt_file_name[] = "info/alternates";
380 /* Given that relative_base is no longer than PATH_MAX,
381 ensure that "path" has enough space to append "/", the
382 file name, "info/alternates", and a trailing NUL. */
383 char path[PATH_MAX + 1 + sizeof alt_file_name];
384 int fd;
385
386 sprintf(path, "%s/%s", relative_base, alt_file_name);
387 fd = git_open_noatime(path);
388 if (fd < 0)
389 return;
390 if (fstat(fd, &st) || (st.st_size == 0)) {
391 close(fd);
392 return;
393 }
394 mapsz = xsize_t(st.st_size);
395 map = xmmap(NULL, mapsz, PROT_READ, MAP_PRIVATE, fd, 0);
396 close(fd);
397
398 link_alt_odb_entries(map, mapsz, '\n', relative_base, depth);
399
400 munmap(map, mapsz);
401 }
402
403 void add_to_alternates_file(const char *reference)
404 {
405 struct lock_file *lock = xcalloc(1, sizeof(struct lock_file));
406 int fd = hold_lock_file_for_append(lock, git_path("objects/info/alternates"), LOCK_DIE_ON_ERROR);
407 char *alt = mkpath("%s\n", reference);
408 write_or_die(fd, alt, strlen(alt));
409 if (commit_lock_file(lock))
410 die("could not close alternates file");
411 if (alt_odb_tail)
412 link_alt_odb_entries(alt, strlen(alt), '\n', NULL, 0);
413 }
414
415 int foreach_alt_odb(alt_odb_fn fn, void *cb)
416 {
417 struct alternate_object_database *ent;
418 int r = 0;
419
420 prepare_alt_odb();
421 for (ent = alt_odb_list; ent; ent = ent->next) {
422 r = fn(ent, cb);
423 if (r)
424 break;
425 }
426 return r;
427 }
428
429 void prepare_alt_odb(void)
430 {
431 const char *alt;
432
433 if (alt_odb_tail)
434 return;
435
436 alt = getenv(ALTERNATE_DB_ENVIRONMENT);
437 if (!alt) alt = "";
438
439 alt_odb_tail = &alt_odb_list;
440 link_alt_odb_entries(alt, strlen(alt), PATH_SEP, NULL, 0);
441
442 read_info_alternates(get_object_directory(), 0);
443 }
444
445 static int has_loose_object_local(const unsigned char *sha1)
446 {
447 return !access(sha1_file_name(sha1), F_OK);
448 }
449
450 int has_loose_object_nonlocal(const unsigned char *sha1)
451 {
452 struct alternate_object_database *alt;
453 prepare_alt_odb();
454 for (alt = alt_odb_list; alt; alt = alt->next) {
455 fill_sha1_path(alt->name, sha1);
456 if (!access(alt->base, F_OK))
457 return 1;
458 }
459 return 0;
460 }
461
462 static int has_loose_object(const unsigned char *sha1)
463 {
464 return has_loose_object_local(sha1) ||
465 has_loose_object_nonlocal(sha1);
466 }
467
468 static unsigned int pack_used_ctr;
469 static unsigned int pack_mmap_calls;
470 static unsigned int peak_pack_open_windows;
471 static unsigned int pack_open_windows;
472 static unsigned int pack_open_fds;
473 static unsigned int pack_max_fds;
474 static size_t peak_pack_mapped;
475 static size_t pack_mapped;
476 struct packed_git *packed_git;
477
478 void pack_report(void)
479 {
480 fprintf(stderr,
481 "pack_report: getpagesize() = %10" SZ_FMT "\n"
482 "pack_report: core.packedGitWindowSize = %10" SZ_FMT "\n"
483 "pack_report: core.packedGitLimit = %10" SZ_FMT "\n",
484 sz_fmt(getpagesize()),
485 sz_fmt(packed_git_window_size),
486 sz_fmt(packed_git_limit));
487 fprintf(stderr,
488 "pack_report: pack_used_ctr = %10u\n"
489 "pack_report: pack_mmap_calls = %10u\n"
490 "pack_report: pack_open_windows = %10u / %10u\n"
491 "pack_report: pack_mapped = "
492 "%10" SZ_FMT " / %10" SZ_FMT "\n",
493 pack_used_ctr,
494 pack_mmap_calls,
495 pack_open_windows, peak_pack_open_windows,
496 sz_fmt(pack_mapped), sz_fmt(peak_pack_mapped));
497 }
498
499 /*
500 * Open and mmap the index file at path, perform a couple of
501 * consistency checks, then record its information to p. Return 0 on
502 * success.
503 */
504 static int check_packed_git_idx(const char *path, struct packed_git *p)
505 {
506 void *idx_map;
507 struct pack_idx_header *hdr;
508 size_t idx_size;
509 uint32_t version, nr, i, *index;
510 int fd = git_open_noatime(path);
511 struct stat st;
512
513 if (fd < 0)
514 return -1;
515 if (fstat(fd, &st)) {
516 close(fd);
517 return -1;
518 }
519 idx_size = xsize_t(st.st_size);
520 if (idx_size < 4 * 256 + 20 + 20) {
521 close(fd);
522 return error("index file %s is too small", path);
523 }
524 idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
525 close(fd);
526
527 hdr = idx_map;
528 if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) {
529 version = ntohl(hdr->idx_version);
530 if (version < 2 || version > 2) {
531 munmap(idx_map, idx_size);
532 return error("index file %s is version %"PRIu32
533 " and is not supported by this binary"
534 " (try upgrading GIT to a newer version)",
535 path, version);
536 }
537 } else
538 version = 1;
539
540 nr = 0;
541 index = idx_map;
542 if (version > 1)
543 index += 2; /* skip index header */
544 for (i = 0; i < 256; i++) {
545 uint32_t n = ntohl(index[i]);
546 if (n < nr) {
547 munmap(idx_map, idx_size);
548 return error("non-monotonic index %s", path);
549 }
550 nr = n;
551 }
552
553 if (version == 1) {
554 /*
555 * Total size:
556 * - 256 index entries 4 bytes each
557 * - 24-byte entries * nr (20-byte sha1 + 4-byte offset)
558 * - 20-byte SHA1 of the packfile
559 * - 20-byte SHA1 file checksum
560 */
561 if (idx_size != 4*256 + nr * 24 + 20 + 20) {
562 munmap(idx_map, idx_size);
563 return error("wrong index v1 file size in %s", path);
564 }
565 } else if (version == 2) {
566 /*
567 * Minimum size:
568 * - 8 bytes of header
569 * - 256 index entries 4 bytes each
570 * - 20-byte sha1 entry * nr
571 * - 4-byte crc entry * nr
572 * - 4-byte offset entry * nr
573 * - 20-byte SHA1 of the packfile
574 * - 20-byte SHA1 file checksum
575 * And after the 4-byte offset table might be a
576 * variable sized table containing 8-byte entries
577 * for offsets larger than 2^31.
578 */
579 unsigned long min_size = 8 + 4*256 + nr*(20 + 4 + 4) + 20 + 20;
580 unsigned long max_size = min_size;
581 if (nr)
582 max_size += (nr - 1)*8;
583 if (idx_size < min_size || idx_size > max_size) {
584 munmap(idx_map, idx_size);
585 return error("wrong index v2 file size in %s", path);
586 }
587 if (idx_size != min_size &&
588 /*
589 * make sure we can deal with large pack offsets.
590 * 31-bit signed offset won't be enough, neither
591 * 32-bit unsigned one will be.
592 */
593 (sizeof(off_t) <= 4)) {
594 munmap(idx_map, idx_size);
595 return error("pack too large for current definition of off_t in %s", path);
596 }
597 }
598
599 p->index_version = version;
600 p->index_data = idx_map;
601 p->index_size = idx_size;
602 p->num_objects = nr;
603 return 0;
604 }
605
606 int open_pack_index(struct packed_git *p)
607 {
608 char *idx_name;
609 int ret;
610
611 if (p->index_data)
612 return 0;
613
614 idx_name = xstrdup(p->pack_name);
615 strcpy(idx_name + strlen(idx_name) - strlen(".pack"), ".idx");
616 ret = check_packed_git_idx(idx_name, p);
617 free(idx_name);
618 return ret;
619 }
620
621 static void scan_windows(struct packed_git *p,
622 struct packed_git **lru_p,
623 struct pack_window **lru_w,
624 struct pack_window **lru_l)
625 {
626 struct pack_window *w, *w_l;
627
628 for (w_l = NULL, w = p->windows; w; w = w->next) {
629 if (!w->inuse_cnt) {
630 if (!*lru_w || w->last_used < (*lru_w)->last_used) {
631 *lru_p = p;
632 *lru_w = w;
633 *lru_l = w_l;
634 }
635 }
636 w_l = w;
637 }
638 }
639
640 static int unuse_one_window(struct packed_git *current)
641 {
642 struct packed_git *p, *lru_p = NULL;
643 struct pack_window *lru_w = NULL, *lru_l = NULL;
644
645 if (current)
646 scan_windows(current, &lru_p, &lru_w, &lru_l);
647 for (p = packed_git; p; p = p->next)
648 scan_windows(p, &lru_p, &lru_w, &lru_l);
649 if (lru_p) {
650 munmap(lru_w->base, lru_w->len);
651 pack_mapped -= lru_w->len;
652 if (lru_l)
653 lru_l->next = lru_w->next;
654 else
655 lru_p->windows = lru_w->next;
656 free(lru_w);
657 pack_open_windows--;
658 return 1;
659 }
660 return 0;
661 }
662
663 void release_pack_memory(size_t need)
664 {
665 size_t cur = pack_mapped;
666 while (need >= (cur - pack_mapped) && unuse_one_window(NULL))
667 ; /* nothing */
668 }
669
670 static void mmap_limit_check(size_t length)
671 {
672 static size_t limit = 0;
673 if (!limit) {
674 limit = git_env_ulong("GIT_MMAP_LIMIT", 0);
675 if (!limit)
676 limit = SIZE_MAX;
677 }
678 if (length > limit)
679 die("attempting to mmap %"PRIuMAX" over limit %"PRIuMAX,
680 (uintmax_t)length, (uintmax_t)limit);
681 }
682
683 void *xmmap(void *start, size_t length,
684 int prot, int flags, int fd, off_t offset)
685 {
686 void *ret;
687
688 mmap_limit_check(length);
689 ret = mmap(start, length, prot, flags, fd, offset);
690 if (ret == MAP_FAILED) {
691 if (!length)
692 return NULL;
693 release_pack_memory(length);
694 ret = mmap(start, length, prot, flags, fd, offset);
695 if (ret == MAP_FAILED)
696 die_errno("Out of memory? mmap failed");
697 }
698 return ret;
699 }
700
701 void close_pack_windows(struct packed_git *p)
702 {
703 while (p->windows) {
704 struct pack_window *w = p->windows;
705
706 if (w->inuse_cnt)
707 die("pack '%s' still has open windows to it",
708 p->pack_name);
709 munmap(w->base, w->len);
710 pack_mapped -= w->len;
711 pack_open_windows--;
712 p->windows = w->next;
713 free(w);
714 }
715 }
716
717 /*
718 * The LRU pack is the one with the oldest MRU window, preferring packs
719 * with no used windows, or the oldest mtime if it has no windows allocated.
720 */
721 static void find_lru_pack(struct packed_git *p, struct packed_git **lru_p, struct pack_window **mru_w, int *accept_windows_inuse)
722 {
723 struct pack_window *w, *this_mru_w;
724 int has_windows_inuse = 0;
725
726 /*
727 * Reject this pack if it has windows and the previously selected
728 * one does not. If this pack does not have windows, reject
729 * it if the pack file is newer than the previously selected one.
730 */
731 if (*lru_p && !*mru_w && (p->windows || p->mtime > (*lru_p)->mtime))
732 return;
733
734 for (w = this_mru_w = p->windows; w; w = w->next) {
735 /*
736 * Reject this pack if any of its windows are in use,
737 * but the previously selected pack did not have any
738 * inuse windows. Otherwise, record that this pack
739 * has windows in use.
740 */
741 if (w->inuse_cnt) {
742 if (*accept_windows_inuse)
743 has_windows_inuse = 1;
744 else
745 return;
746 }
747
748 if (w->last_used > this_mru_w->last_used)
749 this_mru_w = w;
750
751 /*
752 * Reject this pack if it has windows that have been
753 * used more recently than the previously selected pack.
754 * If the previously selected pack had windows inuse and
755 * we have not encountered a window in this pack that is
756 * inuse, skip this check since we prefer a pack with no
757 * inuse windows to one that has inuse windows.
758 */
759 if (*mru_w && *accept_windows_inuse == has_windows_inuse &&
760 this_mru_w->last_used > (*mru_w)->last_used)
761 return;
762 }
763
764 /*
765 * Select this pack.
766 */
767 *mru_w = this_mru_w;
768 *lru_p = p;
769 *accept_windows_inuse = has_windows_inuse;
770 }
771
772 static int close_one_pack(void)
773 {
774 struct packed_git *p, *lru_p = NULL;
775 struct pack_window *mru_w = NULL;
776 int accept_windows_inuse = 1;
777
778 for (p = packed_git; p; p = p->next) {
779 if (p->pack_fd == -1)
780 continue;
781 find_lru_pack(p, &lru_p, &mru_w, &accept_windows_inuse);
782 }
783
784 if (lru_p) {
785 close(lru_p->pack_fd);
786 pack_open_fds--;
787 lru_p->pack_fd = -1;
788 return 1;
789 }
790
791 return 0;
792 }
793
794 void unuse_pack(struct pack_window **w_cursor)
795 {
796 struct pack_window *w = *w_cursor;
797 if (w) {
798 w->inuse_cnt--;
799 *w_cursor = NULL;
800 }
801 }
802
803 void close_pack_index(struct packed_git *p)
804 {
805 if (p->index_data) {
806 munmap((void *)p->index_data, p->index_size);
807 p->index_data = NULL;
808 }
809 }
810
811 /*
812 * This is used by git-repack in case a newly created pack happens to
813 * contain the same set of objects as an existing one. In that case
814 * the resulting file might be different even if its name would be the
815 * same. It is best to close any reference to the old pack before it is
816 * replaced on disk. Of course no index pointers or windows for given pack
817 * must subsist at this point. If ever objects from this pack are requested
818 * again, the new version of the pack will be reinitialized through
819 * reprepare_packed_git().
820 */
821 void free_pack_by_name(const char *pack_name)
822 {
823 struct packed_git *p, **pp = &packed_git;
824
825 while (*pp) {
826 p = *pp;
827 if (strcmp(pack_name, p->pack_name) == 0) {
828 clear_delta_base_cache();
829 close_pack_windows(p);
830 if (p->pack_fd != -1) {
831 close(p->pack_fd);
832 pack_open_fds--;
833 }
834 close_pack_index(p);
835 free(p->bad_object_sha1);
836 *pp = p->next;
837 if (last_found_pack == p)
838 last_found_pack = NULL;
839 free(p);
840 return;
841 }
842 pp = &p->next;
843 }
844 }
845
846 static unsigned int get_max_fd_limit(void)
847 {
848 #ifdef RLIMIT_NOFILE
849 {
850 struct rlimit lim;
851
852 if (!getrlimit(RLIMIT_NOFILE, &lim))
853 return lim.rlim_cur;
854 }
855 #endif
856
857 #ifdef _SC_OPEN_MAX
858 {
859 long open_max = sysconf(_SC_OPEN_MAX);
860 if (0 < open_max)
861 return open_max;
862 /*
863 * Otherwise, we got -1 for one of the two
864 * reasons:
865 *
866 * (1) sysconf() did not understand _SC_OPEN_MAX
867 * and signaled an error with -1; or
868 * (2) sysconf() said there is no limit.
869 *
870 * We _could_ clear errno before calling sysconf() to
871 * tell these two cases apart and return a huge number
872 * in the latter case to let the caller cap it to a
873 * value that is not so selfish, but letting the
874 * fallback OPEN_MAX codepath take care of these cases
875 * is a lot simpler.
876 */
877 }
878 #endif
879
880 #ifdef OPEN_MAX
881 return OPEN_MAX;
882 #else
883 return 1; /* see the caller ;-) */
884 #endif
885 }
886
887 /*
888 * Do not call this directly as this leaks p->pack_fd on error return;
889 * call open_packed_git() instead.
890 */
891 static int open_packed_git_1(struct packed_git *p)
892 {
893 struct stat st;
894 struct pack_header hdr;
895 unsigned char sha1[20];
896 unsigned char *idx_sha1;
897 long fd_flag;
898
899 if (!p->index_data && open_pack_index(p))
900 return error("packfile %s index unavailable", p->pack_name);
901
902 if (!pack_max_fds) {
903 unsigned int max_fds = get_max_fd_limit();
904
905 /* Save 3 for stdin/stdout/stderr, 22 for work */
906 if (25 < max_fds)
907 pack_max_fds = max_fds - 25;
908 else
909 pack_max_fds = 1;
910 }
911
912 while (pack_max_fds <= pack_open_fds && close_one_pack())
913 ; /* nothing */
914
915 p->pack_fd = git_open_noatime(p->pack_name);
916 if (p->pack_fd < 0 || fstat(p->pack_fd, &st))
917 return -1;
918 pack_open_fds++;
919
920 /* If we created the struct before we had the pack we lack size. */
921 if (!p->pack_size) {
922 if (!S_ISREG(st.st_mode))
923 return error("packfile %s not a regular file", p->pack_name);
924 p->pack_size = st.st_size;
925 } else if (p->pack_size != st.st_size)
926 return error("packfile %s size changed", p->pack_name);
927
928 /* We leave these file descriptors open with sliding mmap;
929 * there is no point keeping them open across exec(), though.
930 */
931 fd_flag = fcntl(p->pack_fd, F_GETFD, 0);
932 if (fd_flag < 0)
933 return error("cannot determine file descriptor flags");
934 fd_flag |= FD_CLOEXEC;
935 if (fcntl(p->pack_fd, F_SETFD, fd_flag) == -1)
936 return error("cannot set FD_CLOEXEC");
937
938 /* Verify we recognize this pack file format. */
939 if (read_in_full(p->pack_fd, &hdr, sizeof(hdr)) != sizeof(hdr))
940 return error("file %s is far too short to be a packfile", p->pack_name);
941 if (hdr.hdr_signature != htonl(PACK_SIGNATURE))
942 return error("file %s is not a GIT packfile", p->pack_name);
943 if (!pack_version_ok(hdr.hdr_version))
944 return error("packfile %s is version %"PRIu32" and not"
945 " supported (try upgrading GIT to a newer version)",
946 p->pack_name, ntohl(hdr.hdr_version));
947
948 /* Verify the pack matches its index. */
949 if (p->num_objects != ntohl(hdr.hdr_entries))
950 return error("packfile %s claims to have %"PRIu32" objects"
951 " while index indicates %"PRIu32" objects",
952 p->pack_name, ntohl(hdr.hdr_entries),
953 p->num_objects);
954 if (lseek(p->pack_fd, p->pack_size - sizeof(sha1), SEEK_SET) == -1)
955 return error("end of packfile %s is unavailable", p->pack_name);
956 if (read_in_full(p->pack_fd, sha1, sizeof(sha1)) != sizeof(sha1))
957 return error("packfile %s signature is unavailable", p->pack_name);
958 idx_sha1 = ((unsigned char *)p->index_data) + p->index_size - 40;
959 if (hashcmp(sha1, idx_sha1))
960 return error("packfile %s does not match index", p->pack_name);
961 return 0;
962 }
963
964 static int open_packed_git(struct packed_git *p)
965 {
966 if (!open_packed_git_1(p))
967 return 0;
968 if (p->pack_fd != -1) {
969 close(p->pack_fd);
970 pack_open_fds--;
971 p->pack_fd = -1;
972 }
973 return -1;
974 }
975
976 static int in_window(struct pack_window *win, off_t offset)
977 {
978 /* We must promise at least 20 bytes (one hash) after the
979 * offset is available from this window, otherwise the offset
980 * is not actually in this window and a different window (which
981 * has that one hash excess) must be used. This is to support
982 * the object header and delta base parsing routines below.
983 */
984 off_t win_off = win->offset;
985 return win_off <= offset
986 && (offset + 20) <= (win_off + win->len);
987 }
988
989 unsigned char *use_pack(struct packed_git *p,
990 struct pack_window **w_cursor,
991 off_t offset,
992 unsigned long *left)
993 {
994 struct pack_window *win = *w_cursor;
995
996 /* Since packfiles end in a hash of their content and it's
997 * pointless to ask for an offset into the middle of that
998 * hash, and the in_window function above wouldn't match
999 * don't allow an offset too close to the end of the file.
1000 */
1001 if (!p->pack_size && p->pack_fd == -1 && open_packed_git(p))
1002 die("packfile %s cannot be accessed", p->pack_name);
1003 if (offset > (p->pack_size - 20))
1004 die("offset beyond end of packfile (truncated pack?)");
1005
1006 if (!win || !in_window(win, offset)) {
1007 if (win)
1008 win->inuse_cnt--;
1009 for (win = p->windows; win; win = win->next) {
1010 if (in_window(win, offset))
1011 break;
1012 }
1013 if (!win) {
1014 size_t window_align = packed_git_window_size / 2;
1015 off_t len;
1016
1017 if (p->pack_fd == -1 && open_packed_git(p))
1018 die("packfile %s cannot be accessed", p->pack_name);
1019
1020 win = xcalloc(1, sizeof(*win));
1021 win->offset = (offset / window_align) * window_align;
1022 len = p->pack_size - win->offset;
1023 if (len > packed_git_window_size)
1024 len = packed_git_window_size;
1025 win->len = (size_t)len;
1026 pack_mapped += win->len;
1027 while (packed_git_limit < pack_mapped
1028 && unuse_one_window(p))
1029 ; /* nothing */
1030 win->base = xmmap(NULL, win->len,
1031 PROT_READ, MAP_PRIVATE,
1032 p->pack_fd, win->offset);
1033 if (win->base == MAP_FAILED)
1034 die("packfile %s cannot be mapped: %s",
1035 p->pack_name,
1036 strerror(errno));
1037 if (!win->offset && win->len == p->pack_size
1038 && !p->do_not_close) {
1039 close(p->pack_fd);
1040 pack_open_fds--;
1041 p->pack_fd = -1;
1042 }
1043 pack_mmap_calls++;
1044 pack_open_windows++;
1045 if (pack_mapped > peak_pack_mapped)
1046 peak_pack_mapped = pack_mapped;
1047 if (pack_open_windows > peak_pack_open_windows)
1048 peak_pack_open_windows = pack_open_windows;
1049 win->next = p->windows;
1050 p->windows = win;
1051 }
1052 }
1053 if (win != *w_cursor) {
1054 win->last_used = pack_used_ctr++;
1055 win->inuse_cnt++;
1056 *w_cursor = win;
1057 }
1058 offset -= win->offset;
1059 if (left)
1060 *left = win->len - xsize_t(offset);
1061 return win->base + offset;
1062 }
1063
1064 static struct packed_git *alloc_packed_git(int extra)
1065 {
1066 struct packed_git *p = xmalloc(sizeof(*p) + extra);
1067 memset(p, 0, sizeof(*p));
1068 p->pack_fd = -1;
1069 return p;
1070 }
1071
1072 static void try_to_free_pack_memory(size_t size)
1073 {
1074 release_pack_memory(size);
1075 }
1076
1077 struct packed_git *add_packed_git(const char *path, int path_len, int local)
1078 {
1079 static int have_set_try_to_free_routine;
1080 struct stat st;
1081 struct packed_git *p = alloc_packed_git(path_len + 2);
1082
1083 if (!have_set_try_to_free_routine) {
1084 have_set_try_to_free_routine = 1;
1085 set_try_to_free_routine(try_to_free_pack_memory);
1086 }
1087
1088 /*
1089 * Make sure a corresponding .pack file exists and that
1090 * the index looks sane.
1091 */
1092 path_len -= strlen(".idx");
1093 if (path_len < 1) {
1094 free(p);
1095 return NULL;
1096 }
1097 memcpy(p->pack_name, path, path_len);
1098
1099 strcpy(p->pack_name + path_len, ".keep");
1100 if (!access(p->pack_name, F_OK))
1101 p->pack_keep = 1;
1102
1103 strcpy(p->pack_name + path_len, ".pack");
1104 if (stat(p->pack_name, &st) || !S_ISREG(st.st_mode)) {
1105 free(p);
1106 return NULL;
1107 }
1108
1109 /* ok, it looks sane as far as we can check without
1110 * actually mapping the pack file.
1111 */
1112 p->pack_size = st.st_size;
1113 p->pack_local = local;
1114 p->mtime = st.st_mtime;
1115 if (path_len < 40 || get_sha1_hex(path + path_len - 40, p->sha1))
1116 hashclr(p->sha1);
1117 return p;
1118 }
1119
1120 struct packed_git *parse_pack_index(unsigned char *sha1, const char *idx_path)
1121 {
1122 const char *path = sha1_pack_name(sha1);
1123 struct packed_git *p = alloc_packed_git(strlen(path) + 1);
1124
1125 strcpy(p->pack_name, path);
1126 hashcpy(p->sha1, sha1);
1127 if (check_packed_git_idx(idx_path, p)) {
1128 free(p);
1129 return NULL;
1130 }
1131
1132 return p;
1133 }
1134
1135 void install_packed_git(struct packed_git *pack)
1136 {
1137 if (pack->pack_fd != -1)
1138 pack_open_fds++;
1139
1140 pack->next = packed_git;
1141 packed_git = pack;
1142 }
1143
1144 void (*report_garbage)(const char *desc, const char *path);
1145
1146 static void report_helper(const struct string_list *list,
1147 int seen_bits, int first, int last)
1148 {
1149 const char *msg;
1150 switch (seen_bits) {
1151 case 0:
1152 msg = "no corresponding .idx or .pack";
1153 break;
1154 case 1:
1155 msg = "no corresponding .idx";
1156 break;
1157 case 2:
1158 msg = "no corresponding .pack";
1159 break;
1160 default:
1161 return;
1162 }
1163 for (; first < last; first++)
1164 report_garbage(msg, list->items[first].string);
1165 }
1166
1167 static void report_pack_garbage(struct string_list *list)
1168 {
1169 int i, baselen = -1, first = 0, seen_bits = 0;
1170
1171 if (!report_garbage)
1172 return;
1173
1174 sort_string_list(list);
1175
1176 for (i = 0; i < list->nr; i++) {
1177 const char *path = list->items[i].string;
1178 if (baselen != -1 &&
1179 strncmp(path, list->items[first].string, baselen)) {
1180 report_helper(list, seen_bits, first, i);
1181 baselen = -1;
1182 seen_bits = 0;
1183 }
1184 if (baselen == -1) {
1185 const char *dot = strrchr(path, '.');
1186 if (!dot) {
1187 report_garbage("garbage found", path);
1188 continue;
1189 }
1190 baselen = dot - path + 1;
1191 first = i;
1192 }
1193 if (!strcmp(path + baselen, "pack"))
1194 seen_bits |= 1;
1195 else if (!strcmp(path + baselen, "idx"))
1196 seen_bits |= 2;
1197 }
1198 report_helper(list, seen_bits, first, list->nr);
1199 }
1200
1201 static void prepare_packed_git_one(char *objdir, int local)
1202 {
1203 struct strbuf path = STRBUF_INIT;
1204 size_t dirnamelen;
1205 DIR *dir;
1206 struct dirent *de;
1207 struct string_list garbage = STRING_LIST_INIT_DUP;
1208
1209 strbuf_addstr(&path, objdir);
1210 strbuf_addstr(&path, "/pack");
1211 dir = opendir(path.buf);
1212 if (!dir) {
1213 if (errno != ENOENT)
1214 error("unable to open object pack directory: %s: %s",
1215 path.buf, strerror(errno));
1216 strbuf_release(&path);
1217 return;
1218 }
1219 strbuf_addch(&path, '/');
1220 dirnamelen = path.len;
1221 while ((de = readdir(dir)) != NULL) {
1222 struct packed_git *p;
1223 size_t base_len;
1224
1225 if (is_dot_or_dotdot(de->d_name))
1226 continue;
1227
1228 strbuf_setlen(&path, dirnamelen);
1229 strbuf_addstr(&path, de->d_name);
1230
1231 base_len = path.len;
1232 if (strip_suffix_mem(path.buf, &base_len, ".idx")) {
1233 /* Don't reopen a pack we already have. */
1234 for (p = packed_git; p; p = p->next) {
1235 size_t len;
1236 if (strip_suffix(p->pack_name, ".pack", &len) &&
1237 len == base_len &&
1238 !memcmp(p->pack_name, path.buf, len))
1239 break;
1240 }
1241 if (p == NULL &&
1242 /*
1243 * See if it really is a valid .idx file with
1244 * corresponding .pack file that we can map.
1245 */
1246 (p = add_packed_git(path.buf, path.len, local)) != NULL)
1247 install_packed_git(p);
1248 }
1249
1250 if (!report_garbage)
1251 continue;
1252
1253 if (ends_with(de->d_name, ".idx") ||
1254 ends_with(de->d_name, ".pack") ||
1255 ends_with(de->d_name, ".bitmap") ||
1256 ends_with(de->d_name, ".keep"))
1257 string_list_append(&garbage, path.buf);
1258 else
1259 report_garbage("garbage found", path.buf);
1260 }
1261 closedir(dir);
1262 report_pack_garbage(&garbage);
1263 string_list_clear(&garbage, 0);
1264 strbuf_release(&path);
1265 }
1266
1267 static int sort_pack(const void *a_, const void *b_)
1268 {
1269 struct packed_git *a = *((struct packed_git **)a_);
1270 struct packed_git *b = *((struct packed_git **)b_);
1271 int st;
1272
1273 /*
1274 * Local packs tend to contain objects specific to our
1275 * variant of the project than remote ones. In addition,
1276 * remote ones could be on a network mounted filesystem.
1277 * Favor local ones for these reasons.
1278 */
1279 st = a->pack_local - b->pack_local;
1280 if (st)
1281 return -st;
1282
1283 /*
1284 * Younger packs tend to contain more recent objects,
1285 * and more recent objects tend to get accessed more
1286 * often.
1287 */
1288 if (a->mtime < b->mtime)
1289 return 1;
1290 else if (a->mtime == b->mtime)
1291 return 0;
1292 return -1;
1293 }
1294
1295 static void rearrange_packed_git(void)
1296 {
1297 struct packed_git **ary, *p;
1298 int i, n;
1299
1300 for (n = 0, p = packed_git; p; p = p->next)
1301 n++;
1302 if (n < 2)
1303 return;
1304
1305 /* prepare an array of packed_git for easier sorting */
1306 ary = xcalloc(n, sizeof(struct packed_git *));
1307 for (n = 0, p = packed_git; p; p = p->next)
1308 ary[n++] = p;
1309
1310 qsort(ary, n, sizeof(struct packed_git *), sort_pack);
1311
1312 /* link them back again */
1313 for (i = 0; i < n - 1; i++)
1314 ary[i]->next = ary[i + 1];
1315 ary[n - 1]->next = NULL;
1316 packed_git = ary[0];
1317
1318 free(ary);
1319 }
1320
1321 static int prepare_packed_git_run_once = 0;
1322 void prepare_packed_git(void)
1323 {
1324 struct alternate_object_database *alt;
1325
1326 if (prepare_packed_git_run_once)
1327 return;
1328 prepare_packed_git_one(get_object_directory(), 1);
1329 prepare_alt_odb();
1330 for (alt = alt_odb_list; alt; alt = alt->next) {
1331 alt->name[-1] = 0;
1332 prepare_packed_git_one(alt->base, 0);
1333 alt->name[-1] = '/';
1334 }
1335 rearrange_packed_git();
1336 prepare_packed_git_run_once = 1;
1337 }
1338
1339 void reprepare_packed_git(void)
1340 {
1341 prepare_packed_git_run_once = 0;
1342 prepare_packed_git();
1343 }
1344
1345 static void mark_bad_packed_object(struct packed_git *p,
1346 const unsigned char *sha1)
1347 {
1348 unsigned i;
1349 for (i = 0; i < p->num_bad_objects; i++)
1350 if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
1351 return;
1352 p->bad_object_sha1 = xrealloc(p->bad_object_sha1, 20 * (p->num_bad_objects + 1));
1353 hashcpy(p->bad_object_sha1 + 20 * p->num_bad_objects, sha1);
1354 p->num_bad_objects++;
1355 }
1356
1357 static const struct packed_git *has_packed_and_bad(const unsigned char *sha1)
1358 {
1359 struct packed_git *p;
1360 unsigned i;
1361
1362 for (p = packed_git; p; p = p->next)
1363 for (i = 0; i < p->num_bad_objects; i++)
1364 if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
1365 return p;
1366 return NULL;
1367 }
1368
1369 /*
1370 * With an in-core object data in "map", rehash it to make sure the
1371 * object name actually matches "sha1" to detect object corruption.
1372 * With "map" == NULL, try reading the object named with "sha1" using
1373 * the streaming interface and rehash it to do the same.
1374 */
1375 int check_sha1_signature(const unsigned char *sha1, void *map,
1376 unsigned long size, const char *type)
1377 {
1378 unsigned char real_sha1[20];
1379 enum object_type obj_type;
1380 struct git_istream *st;
1381 git_SHA_CTX c;
1382 char hdr[32];
1383 int hdrlen;
1384
1385 if (map) {
1386 hash_sha1_file(map, size, type, real_sha1);
1387 return hashcmp(sha1, real_sha1) ? -1 : 0;
1388 }
1389
1390 st = open_istream(sha1, &obj_type, &size, NULL);
1391 if (!st)
1392 return -1;
1393
1394 /* Generate the header */
1395 hdrlen = sprintf(hdr, "%s %lu", typename(obj_type), size) + 1;
1396
1397 /* Sha1.. */
1398 git_SHA1_Init(&c);
1399 git_SHA1_Update(&c, hdr, hdrlen);
1400 for (;;) {
1401 char buf[1024 * 16];
1402 ssize_t readlen = read_istream(st, buf, sizeof(buf));
1403
1404 if (readlen < 0) {
1405 close_istream(st);
1406 return -1;
1407 }
1408 if (!readlen)
1409 break;
1410 git_SHA1_Update(&c, buf, readlen);
1411 }
1412 git_SHA1_Final(real_sha1, &c);
1413 close_istream(st);
1414 return hashcmp(sha1, real_sha1) ? -1 : 0;
1415 }
1416
1417 int git_open_noatime(const char *name)
1418 {
1419 static int sha1_file_open_flag = O_NOATIME;
1420
1421 for (;;) {
1422 int fd = open(name, O_RDONLY | sha1_file_open_flag);
1423 if (fd >= 0)
1424 return fd;
1425
1426 /* Might the failure be due to O_NOATIME? */
1427 if (errno != ENOENT && sha1_file_open_flag) {
1428 sha1_file_open_flag = 0;
1429 continue;
1430 }
1431
1432 return -1;
1433 }
1434 }
1435
1436 static int stat_sha1_file(const unsigned char *sha1, struct stat *st)
1437 {
1438 struct alternate_object_database *alt;
1439
1440 if (!lstat(sha1_file_name(sha1), st))
1441 return 0;
1442
1443 prepare_alt_odb();
1444 errno = ENOENT;
1445 for (alt = alt_odb_list; alt; alt = alt->next) {
1446 fill_sha1_path(alt->name, sha1);
1447 if (!lstat(alt->base, st))
1448 return 0;
1449 }
1450
1451 return -1;
1452 }
1453
1454 static int open_sha1_file(const unsigned char *sha1)
1455 {
1456 int fd;
1457 struct alternate_object_database *alt;
1458 int most_interesting_errno;
1459
1460 fd = git_open_noatime(sha1_file_name(sha1));
1461 if (fd >= 0)
1462 return fd;
1463 most_interesting_errno = errno;
1464
1465 prepare_alt_odb();
1466 for (alt = alt_odb_list; alt; alt = alt->next) {
1467 fill_sha1_path(alt->name, sha1);
1468 fd = git_open_noatime(alt->base);
1469 if (fd >= 0)
1470 return fd;
1471 if (most_interesting_errno == ENOENT)
1472 most_interesting_errno = errno;
1473 }
1474 errno = most_interesting_errno;
1475 return -1;
1476 }
1477
1478 void *map_sha1_file(const unsigned char *sha1, unsigned long *size)
1479 {
1480 void *map;
1481 int fd;
1482
1483 fd = open_sha1_file(sha1);
1484 map = NULL;
1485 if (fd >= 0) {
1486 struct stat st;
1487
1488 if (!fstat(fd, &st)) {
1489 *size = xsize_t(st.st_size);
1490 if (!*size) {
1491 /* mmap() is forbidden on empty files */
1492 error("object file %s is empty", sha1_file_name(sha1));
1493 return NULL;
1494 }
1495 map = xmmap(NULL, *size, PROT_READ, MAP_PRIVATE, fd, 0);
1496 }
1497 close(fd);
1498 }
1499 return map;
1500 }
1501
1502 unsigned long unpack_object_header_buffer(const unsigned char *buf,
1503 unsigned long len, enum object_type *type, unsigned long *sizep)
1504 {
1505 unsigned shift;
1506 unsigned long size, c;
1507 unsigned long used = 0;
1508
1509 c = buf[used++];
1510 *type = (c >> 4) & 7;
1511 size = c & 15;
1512 shift = 4;
1513 while (c & 0x80) {
1514 if (len <= used || bitsizeof(long) <= shift) {
1515 error("bad object header");
1516 size = used = 0;
1517 break;
1518 }
1519 c = buf[used++];
1520 size += (c & 0x7f) << shift;
1521 shift += 7;
1522 }
1523 *sizep = size;
1524 return used;
1525 }
1526
1527 int unpack_sha1_header(git_zstream *stream, unsigned char *map, unsigned long mapsize, void *buffer, unsigned long bufsiz)
1528 {
1529 /* Get the data stream */
1530 memset(stream, 0, sizeof(*stream));
1531 stream->next_in = map;
1532 stream->avail_in = mapsize;
1533 stream->next_out = buffer;
1534 stream->avail_out = bufsiz;
1535
1536 git_inflate_init(stream);
1537 return git_inflate(stream, 0);
1538 }
1539
1540 static void *unpack_sha1_rest(git_zstream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
1541 {
1542 int bytes = strlen(buffer) + 1;
1543 unsigned char *buf = xmallocz(size);
1544 unsigned long n;
1545 int status = Z_OK;
1546
1547 n = stream->total_out - bytes;
1548 if (n > size)
1549 n = size;
1550 memcpy(buf, (char *) buffer + bytes, n);
1551 bytes = n;
1552 if (bytes <= size) {
1553 /*
1554 * The above condition must be (bytes <= size), not
1555 * (bytes < size). In other words, even though we
1556 * expect no more output and set avail_out to zero,
1557 * the input zlib stream may have bytes that express
1558 * "this concludes the stream", and we *do* want to
1559 * eat that input.
1560 *
1561 * Otherwise we would not be able to test that we
1562 * consumed all the input to reach the expected size;
1563 * we also want to check that zlib tells us that all
1564 * went well with status == Z_STREAM_END at the end.
1565 */
1566 stream->next_out = buf + bytes;
1567 stream->avail_out = size - bytes;
1568 while (status == Z_OK)
1569 status = git_inflate(stream, Z_FINISH);
1570 }
1571 if (status == Z_STREAM_END && !stream->avail_in) {
1572 git_inflate_end(stream);
1573 return buf;
1574 }
1575
1576 if (status < 0)
1577 error("corrupt loose object '%s'", sha1_to_hex(sha1));
1578 else if (stream->avail_in)
1579 error("garbage at end of loose object '%s'",
1580 sha1_to_hex(sha1));
1581 free(buf);
1582 return NULL;
1583 }
1584
1585 /*
1586 * We used to just use "sscanf()", but that's actually way
1587 * too permissive for what we want to check. So do an anal
1588 * object header parse by hand.
1589 */
1590 int parse_sha1_header(const char *hdr, unsigned long *sizep)
1591 {
1592 char type[10];
1593 int i;
1594 unsigned long size;
1595
1596 /*
1597 * The type can be at most ten bytes (including the
1598 * terminating '\0' that we add), and is followed by
1599 * a space.
1600 */
1601 i = 0;
1602 for (;;) {
1603 char c = *hdr++;
1604 if (c == ' ')
1605 break;
1606 type[i++] = c;
1607 if (i >= sizeof(type))
1608 return -1;
1609 }
1610 type[i] = 0;
1611
1612 /*
1613 * The length must follow immediately, and be in canonical
1614 * decimal format (ie "010" is not valid).
1615 */
1616 size = *hdr++ - '0';
1617 if (size > 9)
1618 return -1;
1619 if (size) {
1620 for (;;) {
1621 unsigned long c = *hdr - '0';
1622 if (c > 9)
1623 break;
1624 hdr++;
1625 size = size * 10 + c;
1626 }
1627 }
1628 *sizep = size;
1629
1630 /*
1631 * The length must be followed by a zero byte
1632 */
1633 return *hdr ? -1 : type_from_string(type);
1634 }
1635
1636 static void *unpack_sha1_file(void *map, unsigned long mapsize, enum object_type *type, unsigned long *size, const unsigned char *sha1)
1637 {
1638 int ret;
1639 git_zstream stream;
1640 char hdr[8192];
1641
1642 ret = unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr));
1643 if (ret < Z_OK || (*type = parse_sha1_header(hdr, size)) < 0)
1644 return NULL;
1645
1646 return unpack_sha1_rest(&stream, hdr, *size, sha1);
1647 }
1648
1649 unsigned long get_size_from_delta(struct packed_git *p,
1650 struct pack_window **w_curs,
1651 off_t curpos)
1652 {
1653 const unsigned char *data;
1654 unsigned char delta_head[20], *in;
1655 git_zstream stream;
1656 int st;
1657
1658 memset(&stream, 0, sizeof(stream));
1659 stream.next_out = delta_head;
1660 stream.avail_out = sizeof(delta_head);
1661
1662 git_inflate_init(&stream);
1663 do {
1664 in = use_pack(p, w_curs, curpos, &stream.avail_in);
1665 stream.next_in = in;
1666 st = git_inflate(&stream, Z_FINISH);
1667 curpos += stream.next_in - in;
1668 } while ((st == Z_OK || st == Z_BUF_ERROR) &&
1669 stream.total_out < sizeof(delta_head));
1670 git_inflate_end(&stream);
1671 if ((st != Z_STREAM_END) && stream.total_out != sizeof(delta_head)) {
1672 error("delta data unpack-initial failed");
1673 return 0;
1674 }
1675
1676 /* Examine the initial part of the delta to figure out
1677 * the result size.
1678 */
1679 data = delta_head;
1680
1681 /* ignore base size */
1682 get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1683
1684 /* Read the result size */
1685 return get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1686 }
1687
1688 static off_t get_delta_base(struct packed_git *p,
1689 struct pack_window **w_curs,
1690 off_t *curpos,
1691 enum object_type type,
1692 off_t delta_obj_offset)
1693 {
1694 unsigned char *base_info = use_pack(p, w_curs, *curpos, NULL);
1695 off_t base_offset;
1696
1697 /* use_pack() assured us we have [base_info, base_info + 20)
1698 * as a range that we can look at without walking off the
1699 * end of the mapped window. Its actually the hash size
1700 * that is assured. An OFS_DELTA longer than the hash size
1701 * is stupid, as then a REF_DELTA would be smaller to store.
1702 */
1703 if (type == OBJ_OFS_DELTA) {
1704 unsigned used = 0;
1705 unsigned char c = base_info[used++];
1706 base_offset = c & 127;
1707 while (c & 128) {
1708 base_offset += 1;
1709 if (!base_offset || MSB(base_offset, 7))
1710 return 0; /* overflow */
1711 c = base_info[used++];
1712 base_offset = (base_offset << 7) + (c & 127);
1713 }
1714 base_offset = delta_obj_offset - base_offset;
1715 if (base_offset <= 0 || base_offset >= delta_obj_offset)
1716 return 0; /* out of bound */
1717 *curpos += used;
1718 } else if (type == OBJ_REF_DELTA) {
1719 /* The base entry _must_ be in the same pack */
1720 base_offset = find_pack_entry_one(base_info, p);
1721 *curpos += 20;
1722 } else
1723 die("I am totally screwed");
1724 return base_offset;
1725 }
1726
1727 /*
1728 * Like get_delta_base above, but we return the sha1 instead of the pack
1729 * offset. This means it is cheaper for REF deltas (we do not have to do
1730 * the final object lookup), but more expensive for OFS deltas (we
1731 * have to load the revidx to convert the offset back into a sha1).
1732 */
1733 static const unsigned char *get_delta_base_sha1(struct packed_git *p,
1734 struct pack_window **w_curs,
1735 off_t curpos,
1736 enum object_type type,
1737 off_t delta_obj_offset)
1738 {
1739 if (type == OBJ_REF_DELTA) {
1740 unsigned char *base = use_pack(p, w_curs, curpos, NULL);
1741 return base;
1742 } else if (type == OBJ_OFS_DELTA) {
1743 struct revindex_entry *revidx;
1744 off_t base_offset = get_delta_base(p, w_curs, &curpos,
1745 type, delta_obj_offset);
1746
1747 if (!base_offset)
1748 return NULL;
1749
1750 revidx = find_pack_revindex(p, base_offset);
1751 if (!revidx)
1752 return NULL;
1753
1754 return nth_packed_object_sha1(p, revidx->nr);
1755 } else
1756 return NULL;
1757 }
1758
1759 int unpack_object_header(struct packed_git *p,
1760 struct pack_window **w_curs,
1761 off_t *curpos,
1762 unsigned long *sizep)
1763 {
1764 unsigned char *base;
1765 unsigned long left;
1766 unsigned long used;
1767 enum object_type type;
1768
1769 /* use_pack() assures us we have [base, base + 20) available
1770 * as a range that we can look at. (Its actually the hash
1771 * size that is assured.) With our object header encoding
1772 * the maximum deflated object size is 2^137, which is just
1773 * insane, so we know won't exceed what we have been given.
1774 */
1775 base = use_pack(p, w_curs, *curpos, &left);
1776 used = unpack_object_header_buffer(base, left, &type, sizep);
1777 if (!used) {
1778 type = OBJ_BAD;
1779 } else
1780 *curpos += used;
1781
1782 return type;
1783 }
1784
1785 static int retry_bad_packed_offset(struct packed_git *p, off_t obj_offset)
1786 {
1787 int type;
1788 struct revindex_entry *revidx;
1789 const unsigned char *sha1;
1790 revidx = find_pack_revindex(p, obj_offset);
1791 if (!revidx)
1792 return OBJ_BAD;
1793 sha1 = nth_packed_object_sha1(p, revidx->nr);
1794 mark_bad_packed_object(p, sha1);
1795 type = sha1_object_info(sha1, NULL);
1796 if (type <= OBJ_NONE)
1797 return OBJ_BAD;
1798 return type;
1799 }
1800
1801 #define POI_STACK_PREALLOC 64
1802
1803 static enum object_type packed_to_object_type(struct packed_git *p,
1804 off_t obj_offset,
1805 enum object_type type,
1806 struct pack_window **w_curs,
1807 off_t curpos)
1808 {
1809 off_t small_poi_stack[POI_STACK_PREALLOC];
1810 off_t *poi_stack = small_poi_stack;
1811 int poi_stack_nr = 0, poi_stack_alloc = POI_STACK_PREALLOC;
1812
1813 while (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1814 off_t base_offset;
1815 unsigned long size;
1816 /* Push the object we're going to leave behind */
1817 if (poi_stack_nr >= poi_stack_alloc && poi_stack == small_poi_stack) {
1818 poi_stack_alloc = alloc_nr(poi_stack_nr);
1819 poi_stack = xmalloc(sizeof(off_t)*poi_stack_alloc);
1820 memcpy(poi_stack, small_poi_stack, sizeof(off_t)*poi_stack_nr);
1821 } else {
1822 ALLOC_GROW(poi_stack, poi_stack_nr+1, poi_stack_alloc);
1823 }
1824 poi_stack[poi_stack_nr++] = obj_offset;
1825 /* If parsing the base offset fails, just unwind */
1826 base_offset = get_delta_base(p, w_curs, &curpos, type, obj_offset);
1827 if (!base_offset)
1828 goto unwind;
1829 curpos = obj_offset = base_offset;
1830 type = unpack_object_header(p, w_curs, &curpos, &size);
1831 if (type <= OBJ_NONE) {
1832 /* If getting the base itself fails, we first
1833 * retry the base, otherwise unwind */
1834 type = retry_bad_packed_offset(p, base_offset);
1835 if (type > OBJ_NONE)
1836 goto out;
1837 goto unwind;
1838 }
1839 }
1840
1841 switch (type) {
1842 case OBJ_BAD:
1843 case OBJ_COMMIT:
1844 case OBJ_TREE:
1845 case OBJ_BLOB:
1846 case OBJ_TAG:
1847 break;
1848 default:
1849 error("unknown object type %i at offset %"PRIuMAX" in %s",
1850 type, (uintmax_t)obj_offset, p->pack_name);
1851 type = OBJ_BAD;
1852 }
1853
1854 out:
1855 if (poi_stack != small_poi_stack)
1856 free(poi_stack);
1857 return type;
1858
1859 unwind:
1860 while (poi_stack_nr) {
1861 obj_offset = poi_stack[--poi_stack_nr];
1862 type = retry_bad_packed_offset(p, obj_offset);
1863 if (type > OBJ_NONE)
1864 goto out;
1865 }
1866 type = OBJ_BAD;
1867 goto out;
1868 }
1869
1870 static int packed_object_info(struct packed_git *p, off_t obj_offset,
1871 struct object_info *oi)
1872 {
1873 struct pack_window *w_curs = NULL;
1874 unsigned long size;
1875 off_t curpos = obj_offset;
1876 enum object_type type;
1877
1878 /*
1879 * We always get the representation type, but only convert it to
1880 * a "real" type later if the caller is interested.
1881 */
1882 type = unpack_object_header(p, &w_curs, &curpos, &size);
1883
1884 if (oi->sizep) {
1885 if (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1886 off_t tmp_pos = curpos;
1887 off_t base_offset = get_delta_base(p, &w_curs, &tmp_pos,
1888 type, obj_offset);
1889 if (!base_offset) {
1890 type = OBJ_BAD;
1891 goto out;
1892 }
1893 *oi->sizep = get_size_from_delta(p, &w_curs, tmp_pos);
1894 if (*oi->sizep == 0) {
1895 type = OBJ_BAD;
1896 goto out;
1897 }
1898 } else {
1899 *oi->sizep = size;
1900 }
1901 }
1902
1903 if (oi->disk_sizep) {
1904 struct revindex_entry *revidx = find_pack_revindex(p, obj_offset);
1905 *oi->disk_sizep = revidx[1].offset - obj_offset;
1906 }
1907
1908 if (oi->typep) {
1909 *oi->typep = packed_to_object_type(p, obj_offset, type, &w_curs, curpos);
1910 if (*oi->typep < 0) {
1911 type = OBJ_BAD;
1912 goto out;
1913 }
1914 }
1915
1916 if (oi->delta_base_sha1) {
1917 if (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1918 const unsigned char *base;
1919
1920 base = get_delta_base_sha1(p, &w_curs, curpos,
1921 type, obj_offset);
1922 if (!base) {
1923 type = OBJ_BAD;
1924 goto out;
1925 }
1926
1927 hashcpy(oi->delta_base_sha1, base);
1928 } else
1929 hashclr(oi->delta_base_sha1);
1930 }
1931
1932 out:
1933 unuse_pack(&w_curs);
1934 return type;
1935 }
1936
1937 static void *unpack_compressed_entry(struct packed_git *p,
1938 struct pack_window **w_curs,
1939 off_t curpos,
1940 unsigned long size)
1941 {
1942 int st;
1943 git_zstream stream;
1944 unsigned char *buffer, *in;
1945
1946 buffer = xmallocz_gently(size);
1947 if (!buffer)
1948 return NULL;
1949 memset(&stream, 0, sizeof(stream));
1950 stream.next_out = buffer;
1951 stream.avail_out = size + 1;
1952
1953 git_inflate_init(&stream);
1954 do {
1955 in = use_pack(p, w_curs, curpos, &stream.avail_in);
1956 stream.next_in = in;
1957 st = git_inflate(&stream, Z_FINISH);
1958 if (!stream.avail_out)
1959 break; /* the payload is larger than it should be */
1960 curpos += stream.next_in - in;
1961 } while (st == Z_OK || st == Z_BUF_ERROR);
1962 git_inflate_end(&stream);
1963 if ((st != Z_STREAM_END) || stream.total_out != size) {
1964 free(buffer);
1965 return NULL;
1966 }
1967
1968 return buffer;
1969 }
1970
1971 #define MAX_DELTA_CACHE (256)
1972
1973 static size_t delta_base_cached;
1974
1975 static struct delta_base_cache_lru_list {
1976 struct delta_base_cache_lru_list *prev;
1977 struct delta_base_cache_lru_list *next;
1978 } delta_base_cache_lru = { &delta_base_cache_lru, &delta_base_cache_lru };
1979
1980 static struct delta_base_cache_entry {
1981 struct delta_base_cache_lru_list lru;
1982 void *data;
1983 struct packed_git *p;
1984 off_t base_offset;
1985 unsigned long size;
1986 enum object_type type;
1987 } delta_base_cache[MAX_DELTA_CACHE];
1988
1989 static unsigned long pack_entry_hash(struct packed_git *p, off_t base_offset)
1990 {
1991 unsigned long hash;
1992
1993 hash = (unsigned long)p + (unsigned long)base_offset;
1994 hash += (hash >> 8) + (hash >> 16);
1995 return hash % MAX_DELTA_CACHE;
1996 }
1997
1998 static struct delta_base_cache_entry *
1999 get_delta_base_cache_entry(struct packed_git *p, off_t base_offset)
2000 {
2001 unsigned long hash = pack_entry_hash(p, base_offset);
2002 return delta_base_cache + hash;
2003 }
2004
2005 static int eq_delta_base_cache_entry(struct delta_base_cache_entry *ent,
2006 struct packed_git *p, off_t base_offset)
2007 {
2008 return (ent->data && ent->p == p && ent->base_offset == base_offset);
2009 }
2010
2011 static int in_delta_base_cache(struct packed_git *p, off_t base_offset)
2012 {
2013 struct delta_base_cache_entry *ent;
2014 ent = get_delta_base_cache_entry(p, base_offset);
2015 return eq_delta_base_cache_entry(ent, p, base_offset);
2016 }
2017
2018 static void clear_delta_base_cache_entry(struct delta_base_cache_entry *ent)
2019 {
2020 ent->data = NULL;
2021 ent->lru.next->prev = ent->lru.prev;
2022 ent->lru.prev->next = ent->lru.next;
2023 delta_base_cached -= ent->size;
2024 }
2025
2026 static void *cache_or_unpack_entry(struct packed_git *p, off_t base_offset,
2027 unsigned long *base_size, enum object_type *type, int keep_cache)
2028 {
2029 struct delta_base_cache_entry *ent;
2030 void *ret;
2031
2032 ent = get_delta_base_cache_entry(p, base_offset);
2033
2034 if (!eq_delta_base_cache_entry(ent, p, base_offset))
2035 return unpack_entry(p, base_offset, type, base_size);
2036
2037 ret = ent->data;
2038
2039 if (!keep_cache)
2040 clear_delta_base_cache_entry(ent);
2041 else
2042 ret = xmemdupz(ent->data, ent->size);
2043 *type = ent->type;
2044 *base_size = ent->size;
2045 return ret;
2046 }
2047
2048 static inline void release_delta_base_cache(struct delta_base_cache_entry *ent)
2049 {
2050 if (ent->data) {
2051 free(ent->data);
2052 ent->data = NULL;
2053 ent->lru.next->prev = ent->lru.prev;
2054 ent->lru.prev->next = ent->lru.next;
2055 delta_base_cached -= ent->size;
2056 }
2057 }
2058
2059 void clear_delta_base_cache(void)
2060 {
2061 unsigned long p;
2062 for (p = 0; p < MAX_DELTA_CACHE; p++)
2063 release_delta_base_cache(&delta_base_cache[p]);
2064 }
2065
2066 static void add_delta_base_cache(struct packed_git *p, off_t base_offset,
2067 void *base, unsigned long base_size, enum object_type type)
2068 {
2069 unsigned long hash = pack_entry_hash(p, base_offset);
2070 struct delta_base_cache_entry *ent = delta_base_cache + hash;
2071 struct delta_base_cache_lru_list *lru;
2072
2073 release_delta_base_cache(ent);
2074 delta_base_cached += base_size;
2075
2076 for (lru = delta_base_cache_lru.next;
2077 delta_base_cached > delta_base_cache_limit
2078 && lru != &delta_base_cache_lru;
2079 lru = lru->next) {
2080 struct delta_base_cache_entry *f = (void *)lru;
2081 if (f->type == OBJ_BLOB)
2082 release_delta_base_cache(f);
2083 }
2084 for (lru = delta_base_cache_lru.next;
2085 delta_base_cached > delta_base_cache_limit
2086 && lru != &delta_base_cache_lru;
2087 lru = lru->next) {
2088 struct delta_base_cache_entry *f = (void *)lru;
2089 release_delta_base_cache(f);
2090 }
2091
2092 ent->p = p;
2093 ent->base_offset = base_offset;
2094 ent->type = type;
2095 ent->data = base;
2096 ent->size = base_size;
2097 ent->lru.next = &delta_base_cache_lru;
2098 ent->lru.prev = delta_base_cache_lru.prev;
2099 delta_base_cache_lru.prev->next = &ent->lru;
2100 delta_base_cache_lru.prev = &ent->lru;
2101 }
2102
2103 static void *read_object(const unsigned char *sha1, enum object_type *type,
2104 unsigned long *size);
2105
2106 static void write_pack_access_log(struct packed_git *p, off_t obj_offset)
2107 {
2108 static struct trace_key pack_access = TRACE_KEY_INIT(PACK_ACCESS);
2109 trace_printf_key(&pack_access, "%s %"PRIuMAX"\n",
2110 p->pack_name, (uintmax_t)obj_offset);
2111 }
2112
2113 int do_check_packed_object_crc;
2114
2115 #define UNPACK_ENTRY_STACK_PREALLOC 64
2116 struct unpack_entry_stack_ent {
2117 off_t obj_offset;
2118 off_t curpos;
2119 unsigned long size;
2120 };
2121
2122 void *unpack_entry(struct packed_git *p, off_t obj_offset,
2123 enum object_type *final_type, unsigned long *final_size)
2124 {
2125 struct pack_window *w_curs = NULL;
2126 off_t curpos = obj_offset;
2127 void *data = NULL;
2128 unsigned long size;
2129 enum object_type type;
2130 struct unpack_entry_stack_ent small_delta_stack[UNPACK_ENTRY_STACK_PREALLOC];
2131 struct unpack_entry_stack_ent *delta_stack = small_delta_stack;
2132 int delta_stack_nr = 0, delta_stack_alloc = UNPACK_ENTRY_STACK_PREALLOC;
2133 int base_from_cache = 0;
2134
2135 write_pack_access_log(p, obj_offset);
2136
2137 /* PHASE 1: drill down to the innermost base object */
2138 for (;;) {
2139 off_t base_offset;
2140 int i;
2141 struct delta_base_cache_entry *ent;
2142
2143 ent = get_delta_base_cache_entry(p, curpos);
2144 if (eq_delta_base_cache_entry(ent, p, curpos)) {
2145 type = ent->type;
2146 data = ent->data;
2147 size = ent->size;
2148 clear_delta_base_cache_entry(ent);
2149 base_from_cache = 1;
2150 break;
2151 }
2152
2153 if (do_check_packed_object_crc && p->index_version > 1) {
2154 struct revindex_entry *revidx = find_pack_revindex(p, obj_offset);
2155 unsigned long len = revidx[1].offset - obj_offset;
2156 if (check_pack_crc(p, &w_curs, obj_offset, len, revidx->nr)) {
2157 const unsigned char *sha1 =
2158 nth_packed_object_sha1(p, revidx->nr);
2159 error("bad packed object CRC for %s",
2160 sha1_to_hex(sha1));
2161 mark_bad_packed_object(p, sha1);
2162 unuse_pack(&w_curs);
2163 return NULL;
2164 }
2165 }
2166
2167 type = unpack_object_header(p, &w_curs, &curpos, &size);
2168 if (type != OBJ_OFS_DELTA && type != OBJ_REF_DELTA)
2169 break;
2170
2171 base_offset = get_delta_base(p, &w_curs, &curpos, type, obj_offset);
2172 if (!base_offset) {
2173 error("failed to validate delta base reference "
2174 "at offset %"PRIuMAX" from %s",
2175 (uintmax_t)curpos, p->pack_name);
2176 /* bail to phase 2, in hopes of recovery */
2177 data = NULL;
2178 break;
2179 }
2180
2181 /* push object, proceed to base */
2182 if (delta_stack_nr >= delta_stack_alloc
2183 && delta_stack == small_delta_stack) {
2184 delta_stack_alloc = alloc_nr(delta_stack_nr);
2185 delta_stack = xmalloc(sizeof(*delta_stack)*delta_stack_alloc);
2186 memcpy(delta_stack, small_delta_stack,
2187 sizeof(*delta_stack)*delta_stack_nr);
2188 } else {
2189 ALLOC_GROW(delta_stack, delta_stack_nr+1, delta_stack_alloc);
2190 }
2191 i = delta_stack_nr++;
2192 delta_stack[i].obj_offset = obj_offset;
2193 delta_stack[i].curpos = curpos;
2194 delta_stack[i].size = size;
2195
2196 curpos = obj_offset = base_offset;
2197 }
2198
2199 /* PHASE 2: handle the base */
2200 switch (type) {
2201 case OBJ_OFS_DELTA:
2202 case OBJ_REF_DELTA:
2203 if (data)
2204 die("BUG in unpack_entry: left loop at a valid delta");
2205 break;
2206 case OBJ_COMMIT:
2207 case OBJ_TREE:
2208 case OBJ_BLOB:
2209 case OBJ_TAG:
2210 if (!base_from_cache)
2211 data = unpack_compressed_entry(p, &w_curs, curpos, size);
2212 break;
2213 default:
2214 data = NULL;
2215 error("unknown object type %i at offset %"PRIuMAX" in %s",
2216 type, (uintmax_t)obj_offset, p->pack_name);
2217 }
2218
2219 /* PHASE 3: apply deltas in order */
2220
2221 /* invariants:
2222 * 'data' holds the base data, or NULL if there was corruption
2223 */
2224 while (delta_stack_nr) {
2225 void *delta_data;
2226 void *base = data;
2227 unsigned long delta_size, base_size = size;
2228 int i;
2229
2230 data = NULL;
2231
2232 if (base)
2233 add_delta_base_cache(p, obj_offset, base, base_size, type);
2234
2235 if (!base) {
2236 /*
2237 * We're probably in deep shit, but let's try to fetch
2238 * the required base anyway from another pack or loose.
2239 * This is costly but should happen only in the presence
2240 * of a corrupted pack, and is better than failing outright.
2241 */
2242 struct revindex_entry *revidx;
2243 const unsigned char *base_sha1;
2244 revidx = find_pack_revindex(p, obj_offset);
2245 if (revidx) {
2246 base_sha1 = nth_packed_object_sha1(p, revidx->nr);
2247 error("failed to read delta base object %s"
2248 " at offset %"PRIuMAX" from %s",
2249 sha1_to_hex(base_sha1), (uintmax_t)obj_offset,
2250 p->pack_name);
2251 mark_bad_packed_object(p, base_sha1);
2252 base = read_object(base_sha1, &type, &base_size);
2253 }
2254 }
2255
2256 i = --delta_stack_nr;
2257 obj_offset = delta_stack[i].obj_offset;
2258 curpos = delta_stack[i].curpos;
2259 delta_size = delta_stack[i].size;
2260
2261 if (!base)
2262 continue;
2263
2264 delta_data = unpack_compressed_entry(p, &w_curs, curpos, delta_size);
2265
2266 if (!delta_data) {
2267 error("failed to unpack compressed delta "
2268 "at offset %"PRIuMAX" from %s",
2269 (uintmax_t)curpos, p->pack_name);
2270 data = NULL;
2271 continue;
2272 }
2273
2274 data = patch_delta(base, base_size,
2275 delta_data, delta_size,
2276 &size);
2277
2278 /*
2279 * We could not apply the delta; warn the user, but keep going.
2280 * Our failure will be noticed either in the next iteration of
2281 * the loop, or if this is the final delta, in the caller when
2282 * we return NULL. Those code paths will take care of making
2283 * a more explicit warning and retrying with another copy of
2284 * the object.
2285 */
2286 if (!data)
2287 error("failed to apply delta");
2288
2289 free(delta_data);
2290 }
2291
2292 *final_type = type;
2293 *final_size = size;
2294
2295 unuse_pack(&w_curs);
2296
2297 if (delta_stack != small_delta_stack)
2298 free(delta_stack);
2299
2300 return data;
2301 }
2302
2303 const unsigned char *nth_packed_object_sha1(struct packed_git *p,
2304 uint32_t n)
2305 {
2306 const unsigned char *index = p->index_data;
2307 if (!index) {
2308 if (open_pack_index(p))
2309 return NULL;
2310 index = p->index_data;
2311 }
2312 if (n >= p->num_objects)
2313 return NULL;
2314 index += 4 * 256;
2315 if (p->index_version == 1) {
2316 return index + 24 * n + 4;
2317 } else {
2318 index += 8;
2319 return index + 20 * n;
2320 }
2321 }
2322
2323 off_t nth_packed_object_offset(const struct packed_git *p, uint32_t n)
2324 {
2325 const unsigned char *index = p->index_data;
2326 index += 4 * 256;
2327 if (p->index_version == 1) {
2328 return ntohl(*((uint32_t *)(index + 24 * n)));
2329 } else {
2330 uint32_t off;
2331 index += 8 + p->num_objects * (20 + 4);
2332 off = ntohl(*((uint32_t *)(index + 4 * n)));
2333 if (!(off & 0x80000000))
2334 return off;
2335 index += p->num_objects * 4 + (off & 0x7fffffff) * 8;
2336 return (((uint64_t)ntohl(*((uint32_t *)(index + 0)))) << 32) |
2337 ntohl(*((uint32_t *)(index + 4)));
2338 }
2339 }
2340
2341 off_t find_pack_entry_one(const unsigned char *sha1,
2342 struct packed_git *p)
2343 {
2344 const uint32_t *level1_ofs = p->index_data;
2345 const unsigned char *index = p->index_data;
2346 unsigned hi, lo, stride;
2347 static int use_lookup = -1;
2348 static int debug_lookup = -1;
2349
2350 if (debug_lookup < 0)
2351 debug_lookup = !!getenv("GIT_DEBUG_LOOKUP");
2352
2353 if (!index) {
2354 if (open_pack_index(p))
2355 return 0;
2356 level1_ofs = p->index_data;
2357 index = p->index_data;
2358 }
2359 if (p->index_version > 1) {
2360 level1_ofs += 2;
2361 index += 8;
2362 }
2363 index += 4 * 256;
2364 hi = ntohl(level1_ofs[*sha1]);
2365 lo = ((*sha1 == 0x0) ? 0 : ntohl(level1_ofs[*sha1 - 1]));
2366 if (p->index_version > 1) {
2367 stride = 20;
2368 } else {
2369 stride = 24;
2370 index += 4;
2371 }
2372
2373 if (debug_lookup)
2374 printf("%02x%02x%02x... lo %u hi %u nr %"PRIu32"\n",
2375 sha1[0], sha1[1], sha1[2], lo, hi, p->num_objects);
2376
2377 if (use_lookup < 0)
2378 use_lookup = !!getenv("GIT_USE_LOOKUP");
2379 if (use_lookup) {
2380 int pos = sha1_entry_pos(index, stride, 0,
2381 lo, hi, p->num_objects, sha1);
2382 if (pos < 0)
2383 return 0;
2384 return nth_packed_object_offset(p, pos);
2385 }
2386
2387 do {
2388 unsigned mi = (lo + hi) / 2;
2389 int cmp = hashcmp(index + mi * stride, sha1);
2390
2391 if (debug_lookup)
2392 printf("lo %u hi %u rg %u mi %u\n",
2393 lo, hi, hi - lo, mi);
2394 if (!cmp)
2395 return nth_packed_object_offset(p, mi);
2396 if (cmp > 0)
2397 hi = mi;
2398 else
2399 lo = mi+1;
2400 } while (lo < hi);
2401 return 0;
2402 }
2403
2404 int is_pack_valid(struct packed_git *p)
2405 {
2406 /* An already open pack is known to be valid. */
2407 if (p->pack_fd != -1)
2408 return 1;
2409
2410 /* If the pack has one window completely covering the
2411 * file size, the pack is known to be valid even if
2412 * the descriptor is not currently open.
2413 */
2414 if (p->windows) {
2415 struct pack_window *w = p->windows;
2416
2417 if (!w->offset && w->len == p->pack_size)
2418 return 1;
2419 }
2420
2421 /* Force the pack to open to prove its valid. */
2422 return !open_packed_git(p);
2423 }
2424
2425 static int fill_pack_entry(const unsigned char *sha1,
2426 struct pack_entry *e,
2427 struct packed_git *p)
2428 {
2429 off_t offset;
2430
2431 if (p->num_bad_objects) {
2432 unsigned i;
2433 for (i = 0; i < p->num_bad_objects; i++)
2434 if (!hashcmp(sha1, p->bad_object_sha1 + 20 * i))
2435 return 0;
2436 }
2437
2438 offset = find_pack_entry_one(sha1, p);
2439 if (!offset)
2440 return 0;
2441
2442 /*
2443 * We are about to tell the caller where they can locate the
2444 * requested object. We better make sure the packfile is
2445 * still here and can be accessed before supplying that
2446 * answer, as it may have been deleted since the index was
2447 * loaded!
2448 */
2449 if (!is_pack_valid(p)) {
2450 warning("packfile %s cannot be accessed", p->pack_name);
2451 return 0;
2452 }
2453 e->offset = offset;
2454 e->p = p;
2455 hashcpy(e->sha1, sha1);
2456 return 1;
2457 }
2458
2459 /*
2460 * Iff a pack file contains the object named by sha1, return true and
2461 * store its location to e.
2462 */
2463 static int find_pack_entry(const unsigned char *sha1, struct pack_entry *e)
2464 {
2465 struct packed_git *p;
2466
2467 prepare_packed_git();
2468 if (!packed_git)
2469 return 0;
2470
2471 if (last_found_pack && fill_pack_entry(sha1, e, last_found_pack))
2472 return 1;
2473
2474 for (p = packed_git; p; p = p->next) {
2475 if (p == last_found_pack)
2476 continue; /* we already checked this one */
2477
2478 if (fill_pack_entry(sha1, e, p)) {
2479 last_found_pack = p;
2480 return 1;
2481 }
2482 }
2483 return 0;
2484 }
2485
2486 struct packed_git *find_sha1_pack(const unsigned char *sha1,
2487 struct packed_git *packs)
2488 {
2489 struct packed_git *p;
2490
2491 for (p = packs; p; p = p->next) {
2492 if (find_pack_entry_one(sha1, p))
2493 return p;
2494 }
2495 return NULL;
2496
2497 }
2498
2499 static int sha1_loose_object_info(const unsigned char *sha1,
2500 struct object_info *oi)
2501 {
2502 int status;
2503 unsigned long mapsize, size;
2504 void *map;
2505 git_zstream stream;
2506 char hdr[32];
2507
2508 if (oi->delta_base_sha1)
2509 hashclr(oi->delta_base_sha1);
2510
2511 /*
2512 * If we don't care about type or size, then we don't
2513 * need to look inside the object at all. Note that we
2514 * do not optimize out the stat call, even if the
2515 * caller doesn't care about the disk-size, since our
2516 * return value implicitly indicates whether the
2517 * object even exists.
2518 */
2519 if (!oi->typep && !oi->sizep) {
2520 struct stat st;
2521 if (stat_sha1_file(sha1, &st) < 0)
2522 return -1;
2523 if (oi->disk_sizep)
2524 *oi->disk_sizep = st.st_size;
2525 return 0;
2526 }
2527
2528 map = map_sha1_file(sha1, &mapsize);
2529 if (!map)
2530 return -1;
2531 if (oi->disk_sizep)
2532 *oi->disk_sizep = mapsize;
2533 if (unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr)) < 0)
2534 status = error("unable to unpack %s header",
2535 sha1_to_hex(sha1));
2536 else if ((status = parse_sha1_header(hdr, &size)) < 0)
2537 status = error("unable to parse %s header", sha1_to_hex(sha1));
2538 else if (oi->sizep)
2539 *oi->sizep = size;
2540 git_inflate_end(&stream);
2541 munmap(map, mapsize);
2542 if (oi->typep)
2543 *oi->typep = status;
2544 return 0;
2545 }
2546
2547 int sha1_object_info_extended(const unsigned char *sha1, struct object_info *oi, unsigned flags)
2548 {
2549 struct cached_object *co;
2550 struct pack_entry e;
2551 int rtype;
2552 const unsigned char *real = lookup_replace_object_extended(sha1, flags);
2553
2554 co = find_cached_object(real);
2555 if (co) {
2556 if (oi->typep)
2557 *(oi->typep) = co->type;
2558 if (oi->sizep)
2559 *(oi->sizep) = co->size;
2560 if (oi->disk_sizep)
2561 *(oi->disk_sizep) = 0;
2562 if (oi->delta_base_sha1)
2563 hashclr(oi->delta_base_sha1);
2564 oi->whence = OI_CACHED;
2565 return 0;
2566 }
2567
2568 if (!find_pack_entry(real, &e)) {
2569 /* Most likely it's a loose object. */
2570 if (!sha1_loose_object_info(real, oi)) {
2571 oi->whence = OI_LOOSE;
2572 return 0;
2573 }
2574
2575 /* Not a loose object; someone else may have just packed it. */
2576 reprepare_packed_git();
2577 if (!find_pack_entry(real, &e))
2578 return -1;
2579 }
2580
2581 rtype = packed_object_info(e.p, e.offset, oi);
2582 if (rtype < 0) {
2583 mark_bad_packed_object(e.p, real);
2584 return sha1_object_info_extended(real, oi, 0);
2585 } else if (in_delta_base_cache(e.p, e.offset)) {
2586 oi->whence = OI_DBCACHED;
2587 } else {
2588 oi->whence = OI_PACKED;
2589 oi->u.packed.offset = e.offset;
2590 oi->u.packed.pack = e.p;
2591 oi->u.packed.is_delta = (rtype == OBJ_REF_DELTA ||
2592 rtype == OBJ_OFS_DELTA);
2593 }
2594
2595 return 0;
2596 }
2597
2598 /* returns enum object_type or negative */
2599 int sha1_object_info(const unsigned char *sha1, unsigned long *sizep)
2600 {
2601 enum object_type type;
2602 struct object_info oi = {NULL};
2603
2604 oi.typep = &type;
2605 oi.sizep = sizep;
2606 if (sha1_object_info_extended(sha1, &oi, LOOKUP_REPLACE_OBJECT) < 0)
2607 return -1;
2608 return type;
2609 }
2610
2611 static void *read_packed_sha1(const unsigned char *sha1,
2612 enum object_type *type, unsigned long *size)
2613 {
2614 struct pack_entry e;
2615 void *data;
2616
2617 if (!find_pack_entry(sha1, &e))
2618 return NULL;
2619 data = cache_or_unpack_entry(e.p, e.offset, size, type, 1);
2620 if (!data) {
2621 /*
2622 * We're probably in deep shit, but let's try to fetch
2623 * the required object anyway from another pack or loose.
2624 * This should happen only in the presence of a corrupted
2625 * pack, and is better than failing outright.
2626 */
2627 error("failed to read object %s at offset %"PRIuMAX" from %s",
2628 sha1_to_hex(sha1), (uintmax_t)e.offset, e.p->pack_name);
2629 mark_bad_packed_object(e.p, sha1);
2630 data = read_object(sha1, type, size);
2631 }
2632 return data;
2633 }
2634
2635 int pretend_sha1_file(void *buf, unsigned long len, enum object_type type,
2636 unsigned char *sha1)
2637 {
2638 struct cached_object *co;
2639
2640 hash_sha1_file(buf, len, typename(type), sha1);
2641 if (has_sha1_file(sha1) || find_cached_object(sha1))
2642 return 0;
2643 ALLOC_GROW(cached_objects, cached_object_nr + 1, cached_object_alloc);
2644 co = &cached_objects[cached_object_nr++];
2645 co->size = len;
2646 co->type = type;
2647 co->buf = xmalloc(len);
2648 memcpy(co->buf, buf, len);
2649 hashcpy(co->sha1, sha1);
2650 return 0;
2651 }
2652
2653 static void *read_object(const unsigned char *sha1, enum object_type *type,
2654 unsigned long *size)
2655 {
2656 unsigned long mapsize;
2657 void *map, *buf;
2658 struct cached_object *co;
2659
2660 co = find_cached_object(sha1);
2661 if (co) {
2662 *type = co->type;
2663 *size = co->size;
2664 return xmemdupz(co->buf, co->size);
2665 }
2666
2667 buf = read_packed_sha1(sha1, type, size);
2668 if (buf)
2669 return buf;
2670 map = map_sha1_file(sha1, &mapsize);
2671 if (map) {
2672 buf = unpack_sha1_file(map, mapsize, type, size, sha1);
2673 munmap(map, mapsize);
2674 return buf;
2675 }
2676 reprepare_packed_git();
2677 return read_packed_sha1(sha1, type, size);
2678 }
2679
2680 /*
2681 * This function dies on corrupt objects; the callers who want to
2682 * deal with them should arrange to call read_object() and give error
2683 * messages themselves.
2684 */
2685 void *read_sha1_file_extended(const unsigned char *sha1,
2686 enum object_type *type,
2687 unsigned long *size,
2688 unsigned flag)
2689 {
2690 void *data;
2691 const struct packed_git *p;
2692 const unsigned char *repl = lookup_replace_object_extended(sha1, flag);
2693
2694 errno = 0;
2695 data = read_object(repl, type, size);
2696 if (data)
2697 return data;
2698
2699 if (errno && errno != ENOENT)
2700 die_errno("failed to read object %s", sha1_to_hex(sha1));
2701
2702 /* die if we replaced an object with one that does not exist */
2703 if (repl != sha1)
2704 die("replacement %s not found for %s",
2705 sha1_to_hex(repl), sha1_to_hex(sha1));
2706
2707 if (has_loose_object(repl)) {
2708 const char *path = sha1_file_name(sha1);
2709
2710 die("loose object %s (stored in %s) is corrupt",
2711 sha1_to_hex(repl), path);
2712 }
2713
2714 if ((p = has_packed_and_bad(repl)) != NULL)
2715 die("packed object %s (stored in %s) is corrupt",
2716 sha1_to_hex(repl), p->pack_name);
2717
2718 return NULL;
2719 }
2720
2721 void *read_object_with_reference(const unsigned char *sha1,
2722 const char *required_type_name,
2723 unsigned long *size,
2724 unsigned char *actual_sha1_return)
2725 {
2726 enum object_type type, required_type;
2727 void *buffer;
2728 unsigned long isize;
2729 unsigned char actual_sha1[20];
2730
2731 required_type = type_from_string(required_type_name);
2732 hashcpy(actual_sha1, sha1);
2733 while (1) {
2734 int ref_length = -1;
2735 const char *ref_type = NULL;
2736
2737 buffer = read_sha1_file(actual_sha1, &type, &isize);
2738 if (!buffer)
2739 return NULL;
2740 if (type == required_type) {
2741 *size = isize;
2742 if (actual_sha1_return)
2743 hashcpy(actual_sha1_return, actual_sha1);
2744 return buffer;
2745 }
2746 /* Handle references */
2747 else if (type == OBJ_COMMIT)
2748 ref_type = "tree ";
2749 else if (type == OBJ_TAG)
2750 ref_type = "object ";
2751 else {
2752 free(buffer);
2753 return NULL;
2754 }
2755 ref_length = strlen(ref_type);
2756
2757 if (ref_length + 40 > isize ||
2758 memcmp(buffer, ref_type, ref_length) ||
2759 get_sha1_hex((char *) buffer + ref_length, actual_sha1)) {
2760 free(buffer);
2761 return NULL;
2762 }
2763 free(buffer);
2764 /* Now we have the ID of the referred-to object in
2765 * actual_sha1. Check again. */
2766 }
2767 }
2768
2769 static void write_sha1_file_prepare(const void *buf, unsigned long len,
2770 const char *type, unsigned char *sha1,
2771 char *hdr, int *hdrlen)
2772 {
2773 git_SHA_CTX c;
2774
2775 /* Generate the header */
2776 *hdrlen = sprintf(hdr, "%s %lu", type, len)+1;
2777
2778 /* Sha1.. */
2779 git_SHA1_Init(&c);
2780 git_SHA1_Update(&c, hdr, *hdrlen);
2781 git_SHA1_Update(&c, buf, len);
2782 git_SHA1_Final(sha1, &c);
2783 }
2784
2785 /*
2786 * Move the just written object into its final resting place.
2787 * NEEDSWORK: this should be renamed to finalize_temp_file() as
2788 * "moving" is only a part of what it does, when no patch between
2789 * master to pu changes the call sites of this function.
2790 */
2791 int move_temp_to_file(const char *tmpfile, const char *filename)
2792 {
2793 int ret = 0;
2794
2795 if (object_creation_mode == OBJECT_CREATION_USES_RENAMES)
2796 goto try_rename;
2797 else if (link(tmpfile, filename))
2798 ret = errno;
2799
2800 /*
2801 * Coda hack - coda doesn't like cross-directory links,
2802 * so we fall back to a rename, which will mean that it
2803 * won't be able to check collisions, but that's not a
2804 * big deal.
2805 *
2806 * The same holds for FAT formatted media.
2807 *
2808 * When this succeeds, we just return. We have nothing
2809 * left to unlink.
2810 */
2811 if (ret && ret != EEXIST) {
2812 try_rename:
2813 if (!rename(tmpfile, filename))
2814 goto out;
2815 ret = errno;
2816 }
2817 unlink_or_warn(tmpfile);
2818 if (ret) {
2819 if (ret != EEXIST) {
2820 return error("unable to write sha1 filename %s: %s", filename, strerror(ret));
2821 }
2822 /* FIXME!!! Collision check here ? */
2823 }
2824
2825 out:
2826 if (adjust_shared_perm(filename))
2827 return error("unable to set permission to '%s'", filename);
2828 return 0;
2829 }
2830
2831 static int write_buffer(int fd, const void *buf, size_t len)
2832 {
2833 if (write_in_full(fd, buf, len) < 0)
2834 return error("file write error (%s)", strerror(errno));
2835 return 0;
2836 }
2837
2838 int hash_sha1_file(const void *buf, unsigned long len, const char *type,
2839 unsigned char *sha1)
2840 {
2841 char hdr[32];
2842 int hdrlen;
2843 write_sha1_file_prepare(buf, len, type, sha1, hdr, &hdrlen);
2844 return 0;
2845 }
2846
2847 /* Finalize a file on disk, and close it. */
2848 static void close_sha1_file(int fd)
2849 {
2850 if (fsync_object_files)
2851 fsync_or_die(fd, "sha1 file");
2852 if (close(fd) != 0)
2853 die_errno("error when closing sha1 file");
2854 }
2855
2856 /* Size of directory component, including the ending '/' */
2857 static inline int directory_size(const char *filename)
2858 {
2859 const char *s = strrchr(filename, '/');
2860 if (!s)
2861 return 0;
2862 return s - filename + 1;
2863 }
2864
2865 /*
2866 * This creates a temporary file in the same directory as the final
2867 * 'filename'
2868 *
2869 * We want to avoid cross-directory filename renames, because those
2870 * can have problems on various filesystems (FAT, NFS, Coda).
2871 */
2872 static int create_tmpfile(char *buffer, size_t bufsiz, const char *filename)
2873 {
2874 int fd, dirlen = directory_size(filename);
2875
2876 if (dirlen + 20 > bufsiz) {
2877 errno = ENAMETOOLONG;
2878 return -1;
2879 }
2880 memcpy(buffer, filename, dirlen);
2881 strcpy(buffer + dirlen, "tmp_obj_XXXXXX");
2882 fd = git_mkstemp_mode(buffer, 0444);
2883 if (fd < 0 && dirlen && errno == ENOENT) {
2884 /* Make sure the directory exists */
2885 memcpy(buffer, filename, dirlen);
2886 buffer[dirlen-1] = 0;
2887 if (mkdir(buffer, 0777) && errno != EEXIST)
2888 return -1;
2889 if (adjust_shared_perm(buffer))
2890 return -1;
2891
2892 /* Try again */
2893 strcpy(buffer + dirlen - 1, "/tmp_obj_XXXXXX");
2894 fd = git_mkstemp_mode(buffer, 0444);
2895 }
2896 return fd;
2897 }
2898
2899 static int write_loose_object(const unsigned char *sha1, char *hdr, int hdrlen,
2900 const void *buf, unsigned long len, time_t mtime)
2901 {
2902 int fd, ret;
2903 unsigned char compressed[4096];
2904 git_zstream stream;
2905 git_SHA_CTX c;
2906 unsigned char parano_sha1[20];
2907 static char tmp_file[PATH_MAX];
2908 const char *filename = sha1_file_name(sha1);
2909
2910 fd = create_tmpfile(tmp_file, sizeof(tmp_file), filename);
2911 if (fd < 0) {
2912 if (errno == EACCES)
2913 return error("insufficient permission for adding an object to repository database %s", get_object_directory());
2914 else
2915 return error("unable to create temporary file: %s", strerror(errno));
2916 }
2917
2918 /* Set it up */
2919 memset(&stream, 0, sizeof(stream));
2920 git_deflate_init(&stream, zlib_compression_level);
2921 stream.next_out = compressed;
2922 stream.avail_out = sizeof(compressed);
2923 git_SHA1_Init(&c);
2924
2925 /* First header.. */
2926 stream.next_in = (unsigned char *)hdr;
2927 stream.avail_in = hdrlen;
2928 while (git_deflate(&stream, 0) == Z_OK)
2929 ; /* nothing */
2930 git_SHA1_Update(&c, hdr, hdrlen);
2931
2932 /* Then the data itself.. */
2933 stream.next_in = (void *)buf;
2934 stream.avail_in = len;
2935 do {
2936 unsigned char *in0 = stream.next_in;
2937 ret = git_deflate(&stream, Z_FINISH);
2938 git_SHA1_Update(&c, in0, stream.next_in - in0);
2939 if (write_buffer(fd, compressed, stream.next_out - compressed) < 0)
2940 die("unable to write sha1 file");
2941 stream.next_out = compressed;
2942 stream.avail_out = sizeof(compressed);
2943 } while (ret == Z_OK);
2944
2945 if (ret != Z_STREAM_END)
2946 die("unable to deflate new object %s (%d)", sha1_to_hex(sha1), ret);
2947 ret = git_deflate_end_gently(&stream);
2948 if (ret != Z_OK)
2949 die("deflateEnd on object %s failed (%d)", sha1_to_hex(sha1), ret);
2950 git_SHA1_Final(parano_sha1, &c);
2951 if (hashcmp(sha1, parano_sha1) != 0)
2952 die("confused by unstable object source data for %s", sha1_to_hex(sha1));
2953
2954 close_sha1_file(fd);
2955
2956 if (mtime) {
2957 struct utimbuf utb;
2958 utb.actime = mtime;
2959 utb.modtime = mtime;
2960 if (utime(tmp_file, &utb) < 0)
2961 warning("failed utime() on %s: %s",
2962 tmp_file, strerror(errno));
2963 }
2964
2965 return move_temp_to_file(tmp_file, filename);
2966 }
2967
2968 int write_sha1_file(const void *buf, unsigned long len, const char *type, unsigned char *returnsha1)
2969 {
2970 unsigned char sha1[20];
2971 char hdr[32];
2972 int hdrlen;
2973
2974 /* Normally if we have it in the pack then we do not bother writing
2975 * it out into .git/objects/??/?{38} file.
2976 */
2977 write_sha1_file_prepare(buf, len, type, sha1, hdr, &hdrlen);
2978 if (returnsha1)
2979 hashcpy(returnsha1, sha1);
2980 if (has_sha1_file(sha1))
2981 return 0;
2982 return write_loose_object(sha1, hdr, hdrlen, buf, len, 0);
2983 }
2984
2985 int force_object_loose(const unsigned char *sha1, time_t mtime)
2986 {
2987 void *buf;
2988 unsigned long len;
2989 enum object_type type;
2990 char hdr[32];
2991 int hdrlen;
2992 int ret;
2993
2994 if (has_loose_object(sha1))
2995 return 0;
2996 buf = read_packed_sha1(sha1, &type, &len);
2997 if (!buf)
2998 return error("cannot read sha1_file for %s", sha1_to_hex(sha1));
2999 hdrlen = sprintf(hdr, "%s %lu", typename(type), len) + 1;
3000 ret = write_loose_object(sha1, hdr, hdrlen, buf, len, mtime);
3001 free(buf);
3002
3003 return ret;
3004 }
3005
3006 int has_pack_index(const unsigned char *sha1)
3007 {
3008 struct stat st;
3009 if (stat(sha1_pack_index_name(sha1), &st))
3010 return 0;
3011 return 1;
3012 }
3013
3014 int has_sha1_pack(const unsigned char *sha1)
3015 {
3016 struct pack_entry e;
3017 return find_pack_entry(sha1, &e);
3018 }
3019
3020 int has_sha1_file(const unsigned char *sha1)
3021 {
3022 struct pack_entry e;
3023
3024 if (find_pack_entry(sha1, &e))
3025 return 1;
3026 if (has_loose_object(sha1))
3027 return 1;
3028 reprepare_packed_git();
3029 return find_pack_entry(sha1, &e);
3030 }
3031
3032 static void check_tree(const void *buf, size_t size)
3033 {
3034 struct tree_desc desc;
3035 struct name_entry entry;
3036
3037 init_tree_desc(&desc, buf, size);
3038 while (tree_entry(&desc, &entry))
3039 /* do nothing
3040 * tree_entry() will die() on malformed entries */
3041 ;
3042 }
3043
3044 static void check_commit(const void *buf, size_t size)
3045 {
3046 struct commit c;
3047 memset(&c, 0, sizeof(c));
3048 if (parse_commit_buffer(&c, buf, size))
3049 die("corrupt commit");
3050 }
3051
3052 static void check_tag(const void *buf, size_t size)
3053 {
3054 struct tag t;
3055 memset(&t, 0, sizeof(t));
3056 if (parse_tag_buffer(&t, buf, size))
3057 die("corrupt tag");
3058 }
3059
3060 static int index_mem(unsigned char *sha1, void *buf, size_t size,
3061 enum object_type type,
3062 const char *path, unsigned flags)
3063 {
3064 int ret, re_allocated = 0;
3065 int write_object = flags & HASH_WRITE_OBJECT;
3066
3067 if (!type)
3068 type = OBJ_BLOB;
3069
3070 /*
3071 * Convert blobs to git internal format
3072 */
3073 if ((type == OBJ_BLOB) && path) {
3074 struct strbuf nbuf = STRBUF_INIT;
3075 if (convert_to_git(path, buf, size, &nbuf,
3076 write_object ? safe_crlf : SAFE_CRLF_FALSE)) {
3077 buf = strbuf_detach(&nbuf, &size);
3078 re_allocated = 1;
3079 }
3080 }
3081 if (flags & HASH_FORMAT_CHECK) {
3082 if (type == OBJ_TREE)
3083 check_tree(buf, size);
3084 if (type == OBJ_COMMIT)
3085 check_commit(buf, size);
3086 if (type == OBJ_TAG)
3087 check_tag(buf, size);
3088 }
3089
3090 if (write_object)
3091 ret = write_sha1_file(buf, size, typename(type), sha1);
3092 else
3093 ret = hash_sha1_file(buf, size, typename(type), sha1);
3094 if (re_allocated)
3095 free(buf);
3096 return ret;
3097 }
3098
3099 static int index_stream_convert_blob(unsigned char *sha1, int fd,
3100 const char *path, unsigned flags)
3101 {
3102 int ret;
3103 const int write_object = flags & HASH_WRITE_OBJECT;
3104 struct strbuf sbuf = STRBUF_INIT;
3105
3106 assert(path);
3107 assert(would_convert_to_git_filter_fd(path));
3108
3109 convert_to_git_filter_fd(path, fd, &sbuf,
3110 write_object ? safe_crlf : SAFE_CRLF_FALSE);
3111
3112 if (write_object)
3113 ret = write_sha1_file(sbuf.buf, sbuf.len, typename(OBJ_BLOB),
3114 sha1);
3115 else
3116 ret = hash_sha1_file(sbuf.buf, sbuf.len, typename(OBJ_BLOB),
3117 sha1);
3118 strbuf_release(&sbuf);
3119 return ret;
3120 }
3121
3122 static int index_pipe(unsigned char *sha1, int fd, enum object_type type,
3123 const char *path, unsigned flags)
3124 {
3125 struct strbuf sbuf = STRBUF_INIT;
3126 int ret;
3127
3128 if (strbuf_read(&sbuf, fd, 4096) >= 0)
3129 ret = index_mem(sha1, sbuf.buf, sbuf.len, type, path, flags);
3130 else
3131 ret = -1;
3132 strbuf_release(&sbuf);
3133 return ret;
3134 }
3135
3136 #define SMALL_FILE_SIZE (32*1024)
3137
3138 static int index_core(unsigned char *sha1, int fd, size_t size,
3139 enum object_type type, const char *path,
3140 unsigned flags)
3141 {
3142 int ret;
3143
3144 if (!size) {
3145 ret = index_mem(sha1, NULL, size, type, path, flags);
3146 } else if (size <= SMALL_FILE_SIZE) {
3147 char *buf = xmalloc(size);
3148 if (size == read_in_full(fd, buf, size))
3149 ret = index_mem(sha1, buf, size, type, path, flags);
3150 else
3151 ret = error("short read %s", strerror(errno));
3152 free(buf);
3153 } else {
3154 void *buf = xmmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
3155 ret = index_mem(sha1, buf, size, type, path, flags);
3156 munmap(buf, size);
3157 }
3158 return ret;
3159 }
3160
3161 /*
3162 * This creates one packfile per large blob unless bulk-checkin
3163 * machinery is "plugged".
3164 *
3165 * This also bypasses the usual "convert-to-git" dance, and that is on
3166 * purpose. We could write a streaming version of the converting
3167 * functions and insert that before feeding the data to fast-import
3168 * (or equivalent in-core API described above). However, that is
3169 * somewhat complicated, as we do not know the size of the filter
3170 * result, which we need to know beforehand when writing a git object.
3171 * Since the primary motivation for trying to stream from the working
3172 * tree file and to avoid mmaping it in core is to deal with large
3173 * binary blobs, they generally do not want to get any conversion, and
3174 * callers should avoid this code path when filters are requested.
3175 */
3176 static int index_stream(unsigned char *sha1, int fd, size_t size,
3177 enum object_type type, const char *path,
3178 unsigned flags)
3179 {
3180 return index_bulk_checkin(sha1, fd, size, type, path, flags);
3181 }
3182
3183 int index_fd(unsigned char *sha1, int fd, struct stat *st,
3184 enum object_type type, const char *path, unsigned flags)
3185 {
3186 int ret;
3187
3188 /*
3189 * Call xsize_t() only when needed to avoid potentially unnecessary
3190 * die() for large files.
3191 */
3192 if (type == OBJ_BLOB && path && would_convert_to_git_filter_fd(path))
3193 ret = index_stream_convert_blob(sha1, fd, path, flags);
3194 else if (!S_ISREG(st->st_mode))
3195 ret = index_pipe(sha1, fd, type, path, flags);
3196 else if (st->st_size <= big_file_threshold || type != OBJ_BLOB ||
3197 (path && would_convert_to_git(path)))
3198 ret = index_core(sha1, fd, xsize_t(st->st_size), type, path,
3199 flags);
3200 else
3201 ret = index_stream(sha1, fd, xsize_t(st->st_size), type, path,
3202 flags);
3203 close(fd);
3204 return ret;
3205 }
3206
3207 int index_path(unsigned char *sha1, const char *path, struct stat *st, unsigned flags)
3208 {
3209 int fd;
3210 struct strbuf sb = STRBUF_INIT;
3211
3212 switch (st->st_mode & S_IFMT) {
3213 case S_IFREG:
3214 fd = open(path, O_RDONLY);
3215 if (fd < 0)
3216 return error("open(\"%s\"): %s", path,
3217 strerror(errno));
3218 if (index_fd(sha1, fd, st, OBJ_BLOB, path, flags) < 0)
3219 return error("%s: failed to insert into database",
3220 path);
3221 break;
3222 case S_IFLNK:
3223 if (strbuf_readlink(&sb, path, st->st_size)) {
3224 char *errstr = strerror(errno);
3225 return error("readlink(\"%s\"): %s", path,
3226 errstr);
3227 }
3228 if (!(flags & HASH_WRITE_OBJECT))
3229 hash_sha1_file(sb.buf, sb.len, blob_type, sha1);
3230 else if (write_sha1_file(sb.buf, sb.len, blob_type, sha1))
3231 return error("%s: failed to insert into database",
3232 path);
3233 strbuf_release(&sb);
3234 break;
3235 case S_IFDIR:
3236 return resolve_gitlink_ref(path, "HEAD", sha1);
3237 default:
3238 return error("%s: unsupported file type", path);
3239 }
3240 return 0;
3241 }
3242
3243 int read_pack_header(int fd, struct pack_header *header)
3244 {
3245 if (read_in_full(fd, header, sizeof(*header)) < sizeof(*header))
3246 /* "eof before pack header was fully read" */
3247 return PH_ERROR_EOF;
3248
3249 if (header->hdr_signature != htonl(PACK_SIGNATURE))
3250 /* "protocol error (pack signature mismatch detected)" */
3251 return PH_ERROR_PACK_SIGNATURE;
3252 if (!pack_version_ok(header->hdr_version))
3253 /* "protocol error (pack version unsupported)" */
3254 return PH_ERROR_PROTOCOL;
3255 return 0;
3256 }
3257
3258 void assert_sha1_type(const unsigned char *sha1, enum object_type expect)
3259 {
3260 enum object_type type = sha1_object_info(sha1, NULL);
3261 if (type < 0)
3262 die("%s is not a valid object", sha1_to_hex(sha1));
3263 if (type != expect)
3264 die("%s is not a valid '%s' object", sha1_to_hex(sha1),
3265 typename(expect));
3266 }
The Best VCS Around