unpack_loose_header(): report headers without NUL as "bad"

If a caller asks us to read the whole loose object header value into a
strbuf (e.g., via "cat-file --allow-unknown-type"), we'll keep reading
until we see a NUL byte marking the end of the header.

If we hit Z_STREAM_END before seeing the NUL, we obviously have to stop.
But we return ULHR_TOO_LONG, which doesn't make any sense. The "too
long" return code is used in the normal, 32-byte limited mode to
indicate that we stopped looking. There is no such thing as "too long"
here, as we'd keep reading forever until we see the end of stream or the
NUL.

Instead, we should return ULHR_BAD. The loose object has no NUL marking
the end of header, so it is malformed. The behavior difference is
slight; in either case we'd consider the object unreadable and refuse to
go further. The only difference is the specific error message we
produce.

There's no test case here, as we'd need to generate a valid zlib stream
without a NUL. That's not something Git will do without writing new
custom code. And in the next patch we'll fix another bug in this area
which will make this easier to do (and we will test it then).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/object-file.c b/object-file.c
index e48da375bd65d347437ef2d389f15477c4f773fd..b1c33dbb63691b4d43cc8802c89ad6c511ec68ee 100644 (file)
--- a/object-file.c
+++ b/object-file.c
@@ -1308,7 +1308,7 @@ enum unpack_loose_header_result unpack_loose_header(git_zstream *stream,
                if (memchr(buffer, '\0', stream->next_out - (unsigned char *)buffer))
                        return 0;
        } while (status != Z_STREAM_END);
-       return ULHR_TOO_LONG;
+       return ULHR_BAD;
 }
 
 static void *unpack_loose_rest(git_zstream *stream,