The untracked cache is stored on disk by concatenating its memory
structures without any padding. Consequently some of the structs are
not aligned at a particular boundary when the whole extension is read
back in one go. That's only OK on platforms without strict alignment
requirements, or for byte-aligned data like strings or hash values.
Decode struct ondisk_untracked_cache carefully from the extension
blob by using explicit pointer arithmetic with offsets, avoiding
alignment issues. Use char pointers for passing stat_data objects to
stat_data_from_disk(), and use memcpy(3) in that function to get the
contents into a properly aligned struct, then perform the byte-order
adjustment in place there.
Found with Clang's UBSan.
Signed-off-by: Rene Scharfe <l.s.r@xxxxxx>
---
Side note: The OS name is not enough for determining the layout of
struct ondisk_untracked_cache. Different platforms can have
different int sizes and padding. Adding the machine type could
help, but that would be a breaking change. At that point we would
be better off defining a machine-independent format, no?
dir.c | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/dir.c b/dir.c
index ae6f5c9636..1c55dc3e36 100644
--- a/dir.c
+++ b/dir.c
@@ -2398,7 +2398,8 @@ struct ondisk_untracked_cache {
char exclude_per_dir[FLEX_ARRAY];
};
-#define ouc_size(len) (offsetof(struct ondisk_untracked_cache, exclude_per_dir) + len + 1)
+#define ouc_offset(x) offsetof(struct ondisk_untracked_cache, x)
+#define ouc_size(len) (ouc_offset(exclude_per_dir) + len + 1)
struct write_data {
int index; /* number of written untracked_cache_dir */
@@ -2560,17 +2561,18 @@ struct read_data {
const unsigned char *end;
};
-static void stat_data_from_disk(struct stat_data *to, const struct stat_data *from)
+static void stat_data_from_disk(struct stat_data *to, const unsigned char *data)
{
- to->sd_ctime.sec = get_be32(&from->sd_ctime.sec);
- to->sd_ctime.nsec = get_be32(&from->sd_ctime.nsec);
- to->sd_mtime.sec = get_be32(&from->sd_mtime.sec);
- to->sd_mtime.nsec = get_be32(&from->sd_mtime.nsec);
- to->sd_dev = get_be32(&from->sd_dev);
- to->sd_ino = get_be32(&from->sd_ino);
- to->sd_uid = get_be32(&from->sd_uid);
- to->sd_gid = get_be32(&from->sd_gid);
- to->sd_size = get_be32(&from->sd_size);
+ memcpy(to, data, sizeof(*to));
+ to->sd_ctime.sec = ntohl(to->sd_ctime.sec);
+ to->sd_ctime.nsec = ntohl(to->sd_ctime.nsec);
+ to->sd_mtime.sec = ntohl(to->sd_mtime.sec);
+ to->sd_mtime.nsec = ntohl(to->sd_mtime.nsec);
+ to->sd_dev = ntohl(to->sd_dev);
+ to->sd_ino = ntohl(to->sd_ino);
+ to->sd_uid = ntohl(to->sd_uid);
+ to->sd_gid = ntohl(to->sd_gid);
+ to->sd_size = ntohl(to->sd_size);
}
static int read_one_dir(struct untracked_cache_dir **untracked_,
@@ -2645,7 +2647,7 @@ static void read_stat(size_t pos, void *cb)
rd->data = rd->end + 1;
return;
}
- stat_data_from_disk(&ud->stat_data, (struct stat_data *)rd->data);
+ stat_data_from_disk(&ud->stat_data, rd->data);
rd->data += sizeof(struct stat_data);
ud->valid = 1;
}
@@ -2663,22 +2665,22 @@ static void read_sha1(size_t pos, void *cb)
}
static void load_sha1_stat(struct sha1_stat *sha1_stat,
- const struct stat_data *stat,
+ const unsigned char *data,
const unsigned char *sha1)
{
- stat_data_from_disk(&sha1_stat->stat, stat);
+ stat_data_from_disk(&sha1_stat->stat, data);
hashcpy(sha1_stat->sha1, sha1);
sha1_stat->valid = 1;
}
struct untracked_cache *read_untracked_extension(const void *data, unsigned long sz)
{
- const struct ondisk_untracked_cache *ouc;
struct untracked_cache *uc;
struct read_data rd;
const unsigned char *next = data, *end = (const unsigned char *)data + sz;
const char *ident;
int ident_len, len;
+ const char *exclude_per_dir;
if (sz <= 1 || end[-1] != '\0')
return NULL;
@@ -2690,21 +2692,23 @@ struct untracked_cache *read_untracked_extension(const void *data, unsigned long
ident = (const char *)next;
next += ident_len;
- ouc = (const struct ondisk_untracked_cache *)next;
if (next + ouc_size(0) > end)
return NULL;
uc = xcalloc(1, sizeof(*uc));
strbuf_init(&uc->ident, ident_len);
strbuf_add(&uc->ident, ident, ident_len);
- load_sha1_stat(&uc->ss_info_exclude, &ouc->info_exclude_stat,
- ouc->info_exclude_sha1);
- load_sha1_stat(&uc->ss_excludes_file, &ouc->excludes_file_stat,
- ouc->excludes_file_sha1);
- uc->dir_flags = get_be32(&ouc->dir_flags);
- uc->exclude_per_dir = xstrdup(ouc->exclude_per_dir);
+ load_sha1_stat(&uc->ss_info_exclude,
+ next + ouc_offset(info_exclude_stat),
+ next + ouc_offset(info_exclude_sha1));
+ load_sha1_stat(&uc->ss_excludes_file,
+ next + ouc_offset(excludes_file_stat),
+ next + ouc_offset(excludes_file_sha1));
+ uc->dir_flags = get_be32(next + ouc_offset(dir_flags));
+ exclude_per_dir = (const char *)next + ouc_offset(exclude_per_dir);
+ uc->exclude_per_dir = xstrdup(exclude_per_dir);
/* NUL after exclude_per_dir is covered by sizeof(*ouc) */
- next += ouc_size(strlen(ouc->exclude_per_dir));
+ next += ouc_size(strlen(exclude_per_dir));
if (next >= end)
goto done2;
--
2.13.3
