We try to read "len" bytes into a buffer and just assume
that it happened correctly. In practice this should usually
be the case, since we just stat'd the file to get the
length. But we could be fooled by transient errors or by
other processes racily truncating the file.
Let's be more careful. There's a slim chance this could
catch a real error, but it also prevents people and tools
from getting worried while reading the code.
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
builtin/worktree.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/builtin/worktree.c b/builtin/worktree.c
index 2f4a4ef9cd..87b3d70b0b 100644
--- a/builtin/worktree.c
+++ b/builtin/worktree.c
@@ -59,7 +59,11 @@ static int prune_worktree(const char *id, struct strbuf *reason)
}
len = xsize_t(st.st_size);
path = xmallocz(len);
- read_in_full(fd, path, len);
+ if (read_in_full(fd, path, len) != len) {
+ strbuf_addf(reason, _("Removing worktrees/%s: gitdir read did not match stat (%s)"),
+ id, strerror(errno));
+ return 1;
+ }
close(fd);
while (len && (path[len - 1] == '\n' || path[len - 1] == '\r'))
len--;
--
2.14.1.1148.ga2561536a1
