Jeremy Linton wrote: > The buffer being passed to zlib includes a null terminator that > git needs to keep in place. unpack_compressed_entry() attempts to > detect the case that the source buffer hasn't been fully consumed > by checking to see if the destination buffer has been over consumed. > > This yields two problems, first a single byte overrun won't be detected > properly because the Z_STREAM_END will then be set, but the null > terminator will have been overwritten. The other problem is that > more recent zlib patches have been poisoning the unconsumed portions > of the buffers which also overwrites the null, while correctly > returning length and status. > > Lets rely on the fact that the source buffer will only be fully > consumed when the when the destination buffer is inflated to the > correct size. We can do this by passing zlib the correct buffer size > and properly checking the return status. The latter check actually > already exists if the buffer size is correct. > > Signed-off-by: Jeremy Linton <lintonrjeremy@xxxxxxxxx> > --- As a little background, earlier today Pavel Cahyna filed a ticket about a regression in a recent zlib update on aarch64 in Fedora[1]. While he was doing that I was just beginning to look at why the git test suite failed fairly badly a build last night[2]. The aarch64 build on Fedora 28 failed, while it succeeded on all other architectures (armv7hl, i686, ppc64, ppc64le, s390x, x86_64). It also passed on newer and older Fedora releases. The difference was that the Fedora 28 zlib build has some aarch64 optimization patches applied[3]. (Those patches are in rawhide/f29 as well, but due to an unrelated issue have not yet made it into the buildroot used for the git build.) I'm woefully unqualified to comment on the patch, but if there are any questions about how this was found, I hope the above background will be helpful. A big thanks to Jeremy for dropping whatever he had planned to do today and dig into this issue. I can only hope it was either more fun or less work than what he hoped to do with his Friday. :) Thanks also to Pavel for finding the source of the failures and filing a detailed bug report to get things moving. [1] https://bugzilla.redhat.com/1582555 [2] https://fedorapeople.org/~tmz/git-aarch64-make-test [3] https://src.fedoraproject.org/rpms/zlib/c/25e9802 > packfile.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/packfile.c b/packfile.c > index 7c1a2519f..245eb3204 100644 > --- a/packfile.c > +++ b/packfile.c > @@ -1416,7 +1416,7 @@ static void *unpack_compressed_entry(struct packed_git *p, > return NULL; > memset(&stream, 0, sizeof(stream)); > stream.next_out = buffer; > - stream.avail_out = size + 1; > + stream.avail_out = size; > > git_inflate_init(&stream); > do { > @@ -1424,7 +1424,7 @@ static void *unpack_compressed_entry(struct packed_git *p, > stream.next_in = in; > st = git_inflate(&stream, Z_FINISH); > if (!stream.avail_out) > - break; /* the payload is larger than it should be */ > + break; /* done, st indicates if source fully consumed */ > curpos += stream.next_in - in; > } while (st == Z_OK || st == Z_BUF_ERROR); > git_inflate_end(&stream); -- Todd ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An election is coming. Universal peace is declared and the foxes have a sincere interest in prolonging the lives of the poultry. -- T.S. Eliot
