pack: Improve error handling for get_delta_base()

[lhchavez]

This change moves the responsibility of setting the error upon failures
of get_delta_base() to get_delta_base() instead of its callers. That
way, the caller chan always check if the return value is negative and
mark the whole operation as an error instead of using garbage values,
which can lead to crashes if the .pack files are malformed.

[lhchavez]

note that the build issues are caused by mbedtls not being able to be downloaded, and are unrelated to this change: https://dev.azure.com/libgit2/libgit2/_build/results?buildId=3441&view=logs&j=bfcc9059-3690-5047-368c-49dfe7d9b8d3&t=8167bc0c-7141-585d-94fc-b6d47d2e4c77&l=1170

[pks-t]

Seems like the certificate for https://tls.mbed.org has expired or is somehow invalid now. Let's wait a bit and if the problem persists we could just add "-k" to curl for now.

@ethomson: we started caching Docker images, but we still build them on every run, right? Is this expected or are we somehow invalidating caches?

Anyway, back the proposed changes, they do look like a welcome improvement to me. Does this fix a bug you've experienced? Otherwise I'd like to defer this until after v1.0 due to the current code freeze.

[lhchavez]

yes, this fixes a crash that can happen if the .pack files are somehow mangled. with this change, it nicely errors out instead of crashing.

the good thing is that the only garbage values that can come out of this are numbers in the range [-10, 0], so i couldn't think of ways in which this could escalate into arbitrary code execution or attacker-controlled reads.

[lhchavez]

tests now pass \o/

[ethomson]

@ethomson: we started caching Docker images, but we still build them on every run, right? Is this expected or are we somehow invalidating caches?

We cache some of the layers; our containers are too big to cache them all. So we get some speedup here but not as much as if we could cache the entire thing.

[pks-t]

These are a bit awkward and don't really fit into our greater error handling patterns. Would you mind updating get_delta_base to return the base offset via an out parameter and have the direct return value indicate errors, only? Let me know if that exceeds the time you want to invest here

[lhchavez]

I would not mind! I also found these a bit awkward and I was aiming for the change with the smallest possible delta, so I thought that a refactor in the same change was not ideal.

But if that's a possibility, I would also prefer to do the cleanup now.

Done!

[pks-t]

I would not mind! I also found these a bit awkward and I was aiming for the change with the smallest possible delta, so I thought that a refactor in the same change was not ideal.

Now that we've got v1.0.0 released we can be less strict about that again.

But if that's a possibility, I would also prefer to do the cleanup now. Done!

Cool, thanks a lot. I'll review your changes soonish.

[pks-t]

This reads a lot better, thanks a lot! One more comment, otherwise I'm good 👍

[pks-t]

You're removing this error case here, but as far as I can see it's not been added to get_delta_base.

[lhchavez]

Done. Not sure if it's needed in both places that I added. I would assume git_oidmap_get would not store an invalid entry, so maybe I am being paranoid.

[pks-t]

Better be defensive while programming than running into errors because of taking too many things for granted 👍

[pks-t]

Thanks a lot, @lchavez!