On 16/03/17 14:27, Jeff King wrote:
> In several places we write the name of the pack filename
> into a fixed-size buffer using snprintf(), but do not check
> the return value. As a result, a very long object directory
> could cause us to quietly truncate the pack filename
> (potentially leading to a corrupted repository, as a newly
> written packfile could be missing its .pack extension).
>
> We can use odb_pack_name() to do this with a strbuf (and
> shorten the code, as well).
>
> Signed-off-by: Jeff King <[email protected]>
> ---
> builtin/index-pack.c | 27 +++++++++++----------------
> fast-import.c | 28 +++++++++++++---------------
> 2 files changed, 24 insertions(+), 31 deletions(-)
>
[snip]
> diff --git a/fast-import.c b/fast-import.c
> index dad697653..41a539f97 100644
> --- a/fast-import.c
> +++ b/fast-import.c
> @@ -940,43 +940,40 @@ static const char *create_index(void)
>
> static char *keep_pack(const char *curr_index_name)
> {
> - static char name[PATH_MAX];
> static const char *keep_msg = "fast-import";
> + struct strbuf name = STRBUF_INIT;
> int keep_fd;
>
> - snprintf(name, sizeof(name), "%s/pack/pack-%s.keep",
> - get_object_directory(), sha1_to_hex(pack_data->sha1));
> - keep_fd = odb_pack_keep(name);
> + odb_pack_name(&name, pack_data->sha1, "keep");
> + keep_fd = odb_pack_keep(name.buf);
> if (keep_fd < 0)
> die_errno("cannot create keep file");
> write_or_die(keep_fd, keep_msg, strlen(keep_msg));
> if (close(keep_fd))
> die_errno("failed to write keep file");
>
> - snprintf(name, sizeof(name), "%s/pack/pack-%s.pack",
> - get_object_directory(), sha1_to_hex(pack_data->sha1));
> - if (finalize_object_file(pack_data->pack_name, name))
> + odb_pack_name(&name, pack_data->sha1, "pack");
> + if (finalize_object_file(pack_data->pack_name, name.buf))
> die("cannot store pack file");
>
> - snprintf(name, sizeof(name), "%s/pack/pack-%s.idx",
> - get_object_directory(), sha1_to_hex(pack_data->sha1));
> - if (finalize_object_file(curr_index_name, name))
> + odb_pack_name(&name, pack_data->sha1, "idx");
> + if (finalize_object_file(curr_index_name, name.buf))
> die("cannot store index file");
> free((void *)curr_index_name);
> - return name;
> + return strbuf_detach(&name, NULL);
Hmm, who deletes this, ...
> }
>
> static void unkeep_all_packs(void)
> {
> - static char name[PATH_MAX];
> + struct strbuf name = STRBUF_INIT;
> int k;
>
> for (k = 0; k < pack_id; k++) {
> struct packed_git *p = all_packs[k];
> - snprintf(name, sizeof(name), "%s/pack/pack-%s.keep",
> - get_object_directory(), sha1_to_hex(p->sha1));
> - unlink_or_warn(name);
> + odb_pack_name(&name, p->sha1, "keep");
> + unlink_or_warn(name.buf);
> }
> + strbuf_release(&name);
> }
>
> static int loosen_small_pack(const struct packed_git *p)
> @@ -1035,6 +1032,7 @@ static void end_packfile(void)
> die("core git rejected index %s", idx_name);
> all_packs[pack_id] = new_p;
> install_packed_git(new_p);
> + free(idx_name);
Ah, OK. Yep, no leaks here. ;-)
>
> /* Print the boundary */
> if (pack_edges) {
>
ATB,
Ramsay Jones
