On Wed, Feb 24, 2016 at 10:48:27AM -0800, Junio C Hamano wrote:

> >> We do not check if the offsets of individual objects are within the
> >> corresponding .pack file, either, and nth_packed_object_offset()
> >> does return the data read from the .idx file that is not checked for
> >> sanity. use_pack(), which is the helper used by the callers of
> >> nth_packed_object_offset() that finds the offset in the packfile for
> >> each object, avoids allowing a read access to mapped pack data
> >> beyond the end of it, so it is OK to return a bogus value that was
> >> read from the .idx file from this function, but there is one
> >> computation the function itself does using a possibly bogus value
> >> read from the disk: to find out where in the secondary offset table
> >> in the .idx file the offset in the packfile is stored.
> >
> > Looks like this topic got dropped. I was reminded of it when somebody
> > pointed me to a similar case[1] today which segfaults in a similar way (but
> > this time was caused by actual filesystem corruption).
> >
> > Did you ever push the patch below further along?
>
> I do not think so, as I didn't "dig"; I recall trying to be explicit
> that it was an illustration to prevent two extra and unnecessary
> changes I alluded to in the earlier parts of the thread, not a real
> patch.

Thanks. I was planning to dig further, but I didn't want to duplicate
any work. I've got a series which I'll post momentarily.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
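The computation Junio describes in the quoted text is the one place where a value read straight from the .idx file is turned into a pointer without a check: in a version-2 index, a 32-bit offset entry whose high bit is set is not a pack offset but an index into the trailing table of 64-bit offsets, and a corrupt entry can push that index past the end of the mapped file. The following is an added example, not git's own code and not the series Peff refers to; it parses a constructed v2 .idx image from memory, derives the size of the 64-bit table from the file length, and refuses an extended index that lies beyond it. The function and field names (idx_v2_open, idx_v2_object_offset, build_sample_idx, lookup_sample) are this example's own, and the two-object sample image is constructed here.

```c
/* Added example (not git's code): bounds-checked .idx v2 offset lookup. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR 8                    /* "\377tOc" magic + 4-byte version */
#define FANOUT (256 * 4)
#define SHA1_LEN 20
#define TRAILER (2 * SHA1_LEN)   /* pack checksum + idx checksum */

static uint32_t get_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint64_t get_be64(const unsigned char *p)
{
	return ((uint64_t)get_be32(p) << 32) | get_be32(p + 4);
}
static void put_be32(unsigned char *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

struct idx_v2 {
	const unsigned char *data;
	uint32_t num_objects;  /* fanout[255] */
	uint64_t num_large;    /* slots in the 64-bit offset table, derived from the file size */
	size_t offsets_pos;    /* start of the 32-bit offset table */
	size_t large_pos;      /* start of the 64-bit offset table */
};

/* Validate the fixed v2 layout and locate both offset tables. The 64-bit
 * table is whatever lies between the 32-bit table and the trailer, and its
 * slot count is the bound the lookup enforces. 0 on success, -1 if malformed. */
int idx_v2_open(struct idx_v2 *ix, const unsigned char *data, size_t len)
{
	uint64_t n, fixed;

	if (len < HDR + FANOUT + TRAILER || memcmp(data, "\377tOc", 4) || get_be32(data + 4) != 2)
		return -1;
	n = get_be32(data + HDR + 255 * 4);
	/* per object: 20-byte name, 4-byte CRC, 4-byte offset; 64-bit math so a huge n cannot wrap */
	fixed = (uint64_t)HDR + FANOUT + n * (SHA1_LEN + 4 + 4) + TRAILER;
	if (fixed > len || (len - fixed) % 8)
		return -1;
	ix->data = data;
	ix->num_objects = (uint32_t)n;
	ix->num_large = (len - fixed) / 8;
	ix->offsets_pos = HDR + FANOUT + (size_t)n * (SHA1_LEN + 4);
	ix->large_pos = ix->offsets_pos + (size_t)n * 4;
	return 0;
}

/* Pack offset of object n. An entry with its MSB set is an index into the
 * 64-bit table; that index comes straight from disk and is checked before it
 * becomes a pointer. 0 on success, -1 if n is out of range, -2 if the
 * extended index points past the end of the 64-bit table. */
int idx_v2_object_offset(const struct idx_v2 *ix, uint32_t n, uint64_t *out)
{
	uint32_t off;

	if (n >= ix->num_objects)
		return -1;
	off = get_be32(ix->data + ix->offsets_pos + (size_t)n * 4);
	if (!(off & 0x80000000u)) {
		*out = off;
		return 0;
	}
	off &= 0x7fffffffu;
	if (off >= ix->num_large)   /* the check an unconditional "index += off * 8" lacks */
		return -2;
	*out = get_be64(ix->data + ix->large_pos + (size_t)off * 8);
	return 0;
}

/* Constructed sample: two objects, object 0 at offset 12, object 1 via 64-bit
 * slot 0 (4 GiB + 12). With corrupt != 0 the second entry names slot
 * 0x7fffffff instead, which the one-slot table does not have. */
size_t build_sample_idx(unsigned char *buf, size_t cap, int corrupt)
{
	const uint32_t n = 2;
	size_t len = HDR + FANOUT + n * (SHA1_LEN + 4 + 4) + 8 + TRAILER;
	unsigned char *off;
	int i;

	if (cap < len)
		return 0;
	memset(buf, 0, len);        /* names, CRCs and checksums are all zero here */
	memcpy(buf, "\377tOc", 4);
	put_be32(buf + 4, 2);
	for (i = 0; i < 256; i++)   /* both names start with 0x00, so every bucket is cumulative n */
		put_be32(buf + HDR + i * 4, n);
	off = buf + HDR + FANOUT + n * (SHA1_LEN + 4);
	put_be32(off, 12);
	put_be32(off + 4, 0x80000000u | (corrupt ? 0x7fffffffu : 0u));
	put_be32(off + n * 4, 1u);  /* slot 0: 0x0000000100000000 + 12 */
	put_be32(off + n * 4 + 4, 12u);
	return len;
}

/* Build the sample (intact or corrupt) and look up object n; -3 if open fails. */
int lookup_sample(int corrupt, uint32_t n, uint64_t *out)
{
	unsigned char buf[2048];
	struct idx_v2 ix;
	size_t len = build_sample_idx(buf, sizeof buf, corrupt);

	if (len == 0 || idx_v2_open(&ix, buf, len) != 0)
		return -3;
	return idx_v2_object_offset(&ix, n, out);
}
```

The point of deriving num_large from the file length rather than trusting anything in the index is that the .idx carries no explicit count of 64-bit slots; the only authoritative bound is the distance between the end of the 32-bit table and the start of the trailer, which is exactly what a corrupt on-disk entry cannot influence.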