[PATCH 10/11] vcs-svn: Reject deltas that read past end of preimage

Jonathan Nieder <jrnieder@xxxxxxxxx> · Wed, 13 Oct 2010 04:53:18 -0500

Some particularly strange deltas of unknown origin were found to
request copies beyond the end of the preimage.  But svn 1.6 never
produces anything like that.

Although Subversion accepts these perverse deltas as input, let's
error out if some future version of subversion starts to actually
produce them.

Without this change, the diff applier would have to separately
keep track of the number of bytes supposedly and actually written out.

Helped-by: Ramkumar Ramachandra <artagnon@xxxxxxxxx>
Helped-by: David Barr <david.barr@xxxxxxxxxxxx>
Signed-off-by: Jonathan Nieder <jrnieder@xxxxxxxxx>
---
 t/t9011-svn-da.sh        |   11 ++++-------
 vcs-svn/sliding_window.c |   10 ++++++----
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/t/t9011-svn-da.sh b/t/t9011-svn-da.sh
index ccd31e9..c4bd1f3 100755
--- a/t/t9011-svn-da.sh
+++ b/t/t9011-svn-da.sh
@@ -105,16 +105,13 @@ test_expect_success 'preimage view: offsets compared by value' '
 	test_cmp empty actual
 '
 
-test_expect_success 'preimage view: accept truncated preimage' '
+test_expect_success 'preimage view: reject truncated preimage' '
 	printf "SVNQ%b" "\010QQQQ" | q_to_nul >clear.lateemptyread &&
 	printf "SVNQ%b" "\010\001QQQ" | q_to_nul >clear.latenonemptyread &&
 	printf "SVNQ%b" "\001\010QQQ" | q_to_nul >clear.longread &&
-	test-svn-fe -d preimage clear.lateemptyread 9 >actual.emptyread &&
-	test-svn-fe -d preimage clear.latenonemptyread 9 >actual.nonemptyread &&
-	test-svn-fe -d preimage clear.longread 9 >actual.longread &&
-	test_cmp empty actual.emptyread &&
-	test_cmp empty actual.nonemptyread &&
-	test_cmp empty actual.longread
+	test_must_fail test-svn-fe -d preimage clear.lateemptyread 9 &&
+	test_must_fail test-svn-fe -d preimage clear.latenonemptyread 9 &&
+	test_must_fail test-svn-fe -d preimage clear.longread 9
 '
 
 test_expect_success 'unconsumed inline data' '
diff --git a/vcs-svn/sliding_window.c b/vcs-svn/sliding_window.c
index 8273970..5c08828 100644
--- a/vcs-svn/sliding_window.c
+++ b/vcs-svn/sliding_window.c
@@ -49,17 +49,19 @@ int move_window(struct view *view, off_t off, size_t len)
 		const off_t gap = off - file_offset;
 		const off_t nread = buffer_skip_bytes(view->file, gap);
 		if (nread != gap) {
-			if (!buffer_ferror(view->file))	/* View ends early. */
-				goto done;
+			if (!buffer_ferror(view->file))
+				return error("Preimage ends early");
 			return error("Cannot seek forward in input: %s",
 				     strerror(errno));
 		}
 		file_offset += gap;
 	}
 	buffer_read_binary(&view->buf, len - view->buf.len, view->file);
-	if (buffer_ferror(view->file))
+	if (view->buf.len != len) {
+		if (!buffer_ferror(view->file))
+			return error("Preimage ends early");
 		return error("Cannot read preimage: %s", strerror(errno));
- done:
+	}
 	view->off = off;
 	return 0;
 }
-- 
1.7.2.3

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





