On Mon, Apr 17, 2023 at 04:21:39PM +0000, Derrick Stolee via GitGitGadget wrote:
> @@ -309,6 +310,15 @@ int load_pack_revindex(struct repository *r, struct packed_git *p)
> */
> int verify_pack_revindex(struct packed_git *p)
> {
> + /* Do not bother checking if not initialized. */
Yep, makes sense; if we don't have an on-disk reverse index (which is
mmap'd into `revindex_map` we don't have anything to verify), so we can
bail here.
> + if (!p->revindex_map)
> + return 0;
> +
> + if (!hashfile_checksum_valid((const unsigned char *)p->revindex_map, p->revindex_size)) {
> + error(_("invalid checksum"));
> + return -1;
> + }
> +
> return 0;
> }
>
> diff --git a/t/t5325-reverse-index.sh b/t/t5325-reverse-index.sh
> index 206c412f50b..6b7c709a1f6 100755
> --- a/t/t5325-reverse-index.sh
> +++ b/t/t5325-reverse-index.sh
> @@ -145,4 +145,44 @@ test_expect_success 'fsck succeeds on good rev-index' '
> )
> '
>
> +test_expect_success 'set up rev-index corruption tests' '
s/set up/setup for easy `--run`-ing (e.g., ./t5325-*.sh --run=setup,fsck).
> + git init corrupt &&
> + (
> + cd corrupt &&
> +
> + test_commit commit &&
> + git -c pack.writeReverseIndex=true repack -ad &&
> +
> + revfile=$(ls .git/objects/pack/pack-*.rev) &&
> + chmod a+w $revfile &&
> + cp $revfile $revfile.bak
> + )
> +'
> +
> +corrupt_rev_and_verify () {
> + (
> + pos="$1" &&
> + value="$2" &&
> + error="$3" &&
> +
> + cd corrupt &&
> + revfile=$(ls .git/objects/pack/pack-*.rev) &&
> +
> + # Reset to original rev-file.
> + cp $revfile.bak $revfile &&
> +
> + printf "$value" | dd of=$revfile bs=1 seek="$pos" conv=notrunc &&
> + test_must_fail git fsck 2>err &&
> + grep "$error" err
> + )
> +}
> +
> +test_expect_success 'fsck catches invalid checksum' '
> + revfile=$(ls corrupt/.git/objects/pack/pack-*.rev) &&
Would this test be tighter if we introduced a sub-shell and cd'd into
"corrupt" here?
> + orig_size=$(wc -c <$revfile) &&
I'm nitpicking, but we may want to use `test_file_size` here instead of
`wc -c`. The latter outnumbers the former in terms of number of uses,
but I think we consider `test_file_size` to be canonical these days.
> + hashpos=$((orig_size - 10)) &&
> + corrupt_rev_and_verify $hashpos bogus \
> + "invalid checksum"
> +'
This looks good.
Thanks,
Taylor
