git.ipfire.org Git - thirdparty/git.git/commit

author	Jeff King <peff@peff.net>
	Fri, 25 Oct 2024 07:08:10 +0000 (03:08 -0400)
committer	Taylor Blau <me@ttaylorr.com>
	Fri, 25 Oct 2024 21:35:46 +0000 (17:35 -0400)
commit	863f2459a2047406c93758e8c3352cd5d2836f1e
tree	cbab83a0cc733347a4facbd10985200bc7752973	tree \| snapshot
parent	479ab76c9ffbd35585a1506ac5c99fe218df70b9	commit \| diff

packfile: use oidread() instead of hashcpy() to fill object_id

When chasing a REF_DELTA, we need to pull the raw hash bytes out of the
mmap'd packfile into an object_id struct. We do that with a raw
hashcpy() of the appropriate length (that happens directly now, though
before the previous commit it happened inside find_pack_entry_one(),
also using a hashcpy).

But I think this creates a potentially dangerous situation due to
d4d364b2c7 (hash: convert `oidcmp()` and `oideq()` to compare whole
hash, 2024-06-14). When using sha1, we'll have uninitialized bytes in
the latter part of the object_id.hash buffer, which could fool oideq(),
etc.

We should use oidread() instead, which correctly zero-pads the extra
bytes, as of c98d762ed9 (global: ensure that object IDs are always
padded, 2024-06-14).

As far as I can see, this has not been a problem in practice because the
object_id we feed to find_pack_entry_one() is never used with oideq(),
etc. It is being compared to the bytes mmap'd from a pack idx file,
which of course do not have the extra padding bytes themselves. So
there's no bug here, but this just puzzled me while looking at the code.
We should do the more obviously safe thing, both for future-proofing and
to avoid confusing readers.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Taylor Blau <me@ttaylorr.com>