Mercurial > hg-stable
view mercurial/bdiff.h @ 40670:87a872555e90
revlog: detect incomplete revlog reads
_readsegment() is supposed to return N bytes of revlog revision
data starting at a file offset. Surprisingly, its behavior before
this patch never verified that it actually read and returned N
bytes! Instead, it would perform the read(), then return whatever
data was available. And even more surprisingly, nothing in the
call chain appears to have been validating that it received all
the data it was expecting.
This behavior could lead to partial or incomplete revision chunks
being operated on. This could result in e.g. cached deltas being
applied against incomplete base revisions. The delta application
process would happily perform this operation. Only hash
verification would detect the corruption and save us.
This commit changes the behavior of raw revlog reading to validate
that we actually read() the number of bytes that were requested.
We will raise a more specific error faster, rather than possibly
have it go undetected or manifest later in the call stack, at
delta application or hash verification.
Differential Revision: https://phab.mercurial-scm.org/D5266
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 13 Nov 2018 12:30:59 -0800 |
parents | 174d115d8104 |
children | d86908050375 |
line wrap: on
line source
#ifndef _HG_BDIFF_H_ #define _HG_BDIFF_H_ #include "compat.h" struct bdiff_line { int hash, n, e; ssize_t len; const char *l; }; struct bdiff_hunk; struct bdiff_hunk { int a1, a2, b1, b2; struct bdiff_hunk *next; }; int bdiff_splitlines(const char *a, ssize_t len, struct bdiff_line **lr); int bdiff_diff(struct bdiff_line *a, int an, struct bdiff_line *b, int bn, struct bdiff_hunk *base); void bdiff_freehunks(struct bdiff_hunk *l); #endif