Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
vcs-svn: cap number of bytes read from sliding view
Introduce a "max_off" field in struct sliding_view, roughly
representing a maximum number of bytes that can be read from "file".
If it is set to a nonnegative integer, a call to move_window()
attempting to put the right endpoint beyond that offset will return
an error instead.

The idea is to use this when applying Subversion-format deltas to
prevent reads past the end of the preimage (which has known length).
Without such a check, corrupt deltas would cause svn-fe to block
indefinitely when data in the input pipe is exhausted.

Inspired-by: Ramkumar Ramachandra <artagnon@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
  • Loading branch information
jrn committed Jun 15, 2011
1 parent b747e56 commit fbdd4f6
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion test-svn-fe.c
Expand Up @@ -15,7 +15,7 @@ static int apply_delta(int argc, char *argv[])
{
struct line_buffer preimage = LINE_BUFFER_INIT;
struct line_buffer delta = LINE_BUFFER_INIT;
struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage);
struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage, -1);

if (argc != 5)
usage(test_svnfe_usage);
Expand Down
2 changes: 2 additions & 0 deletions vcs-svn/sliding_window.c
Expand Up @@ -54,6 +54,8 @@ int move_window(struct sliding_view *view, off_t off, size_t width)
return -1;
if (off < view->off || off + width < view->off + view->width)
return error("invalid delta: window slides left");
if (view->max_off >= 0 && view->max_off < off + width)
return error("delta preimage ends early");

file_offset = view->off + view->buf.len;
if (off < file_offset) {
Expand Down
3 changes: 2 additions & 1 deletion vcs-svn/sliding_window.h
Expand Up @@ -7,10 +7,11 @@ struct sliding_view {
struct line_buffer *file;
off_t off;
size_t width;
off_t max_off; /* -1 means unlimited */
struct strbuf buf;
};

#define SLIDING_VIEW_INIT(input) { (input), 0, 0, STRBUF_INIT }
#define SLIDING_VIEW_INIT(input, len) { (input), 0, 0, (len), STRBUF_INIT }

extern int move_window(struct sliding_view *view, off_t off, size_t width);

Expand Down

0 comments on commit fbdd4f6

Please sign in to comment.