From b747e5675db5e26292c942146a25e1c26440c5f7 Mon Sep 17 00:00:00 2001 From: Jonathan Nieder Date: Fri, 27 May 2011 04:28:46 -0500 Subject: [PATCH 1/2] test-svn-fe: split off "test-svn-fe -d" into a separate function The helper for testing the svndiff library is getting dangerously close to the right margin. Split it off into a separate function so it is easier to contemplate on its own. In the process, make the test_svnfe_usage[] string static so it can be shared by the two functions (and other future functions in this test program) without fuss. In other words, this just unindents the code a little. No functional change intended. Signed-off-by: Jonathan Nieder --- test-svn-fe.c | 54 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/test-svn-fe.c b/test-svn-fe.c index 66bd04022d..a0276260eb 100644 --- a/test-svn-fe.c +++ b/test-svn-fe.c @@ -8,10 +8,37 @@ #include "vcs-svn/sliding_window.h" #include "vcs-svn/line_buffer.h" +static const char test_svnfe_usage[] = + "test-svn-fe ( | [-d] )"; + +static int apply_delta(int argc, char *argv[]) +{ + struct line_buffer preimage = LINE_BUFFER_INIT; + struct line_buffer delta = LINE_BUFFER_INIT; + struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage); + + if (argc != 5) + usage(test_svnfe_usage); + + if (buffer_init(&preimage, argv[2])) + die_errno("cannot open preimage"); + if (buffer_init(&delta, argv[3])) + die_errno("cannot open delta"); + if (svndiff0_apply(&delta, (off_t) strtoull(argv[4], NULL, 0), + &preimage_view, stdout)) + return 1; + if (buffer_deinit(&preimage)) + die_errno("cannot close preimage"); + if (buffer_deinit(&delta)) + die_errno("cannot close delta"); + buffer_reset(&preimage); + strbuf_release(&preimage_view.buf); + buffer_reset(&delta); + return 0; +} + int main(int argc, char *argv[]) { - static const char test_svnfe_usage[] = - "test-svn-fe ( | [-d] )"; if (argc == 2) { if (svndump_init(argv[1])) return 1; @@ -20,25 +47,8 @@ int main(int argc, char *argv[]) svndump_reset(); return 0; } - if (argc == 5 && !strcmp(argv[1], "-d")) { - struct line_buffer preimage = LINE_BUFFER_INIT; - struct line_buffer delta = LINE_BUFFER_INIT; - struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage); - if (buffer_init(&preimage, argv[2])) - die_errno("cannot open preimage"); - if (buffer_init(&delta, argv[3])) - die_errno("cannot open delta"); - if (svndiff0_apply(&delta, (off_t) strtoull(argv[4], NULL, 0), - &preimage_view, stdout)) - return 1; - if (buffer_deinit(&preimage)) - die_errno("cannot close preimage"); - if (buffer_deinit(&delta)) - die_errno("cannot close delta"); - buffer_reset(&preimage); - strbuf_release(&preimage_view.buf); - buffer_reset(&delta); - return 0; - } + + if (argc >= 2 && !strcmp(argv[1], "-d")) + return apply_delta(argc, argv); usage(test_svnfe_usage); } From fbdd4f6fb477885e4bf81658e02c3542a861c695 Mon Sep 17 00:00:00 2001 From: Jonathan Nieder Date: Fri, 27 May 2011 04:07:44 -0500 Subject: [PATCH 2/2] vcs-svn: cap number of bytes read from sliding view Introduce a "max_off" field in struct sliding_view, roughly representing a maximum number of bytes that can be read from "file". If it is set to a nonnegative integer, a call to move_window() attempting to put the right endpoint beyond that offset will return an error instead. The idea is to use this when applying Subversion-format deltas to prevent reads past the end of the preimage (which has known length). Without such a check, corrupt deltas would cause svn-fe to block indefinitely when data in the input pipe is exhausted. Inspired-by: Ramkumar Ramachandra Signed-off-by: Jonathan Nieder --- test-svn-fe.c | 2 +- vcs-svn/sliding_window.c | 2 ++ vcs-svn/sliding_window.h | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/test-svn-fe.c b/test-svn-fe.c index a0276260eb..332a5f711d 100644 --- a/test-svn-fe.c +++ b/test-svn-fe.c @@ -15,7 +15,7 @@ static int apply_delta(int argc, char *argv[]) { struct line_buffer preimage = LINE_BUFFER_INIT; struct line_buffer delta = LINE_BUFFER_INIT; - struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage); + struct sliding_view preimage_view = SLIDING_VIEW_INIT(&preimage, -1); if (argc != 5) usage(test_svnfe_usage); diff --git a/vcs-svn/sliding_window.c b/vcs-svn/sliding_window.c index 1b8d9875ed..1bac7a4c7f 100644 --- a/vcs-svn/sliding_window.c +++ b/vcs-svn/sliding_window.c @@ -54,6 +54,8 @@ int move_window(struct sliding_view *view, off_t off, size_t width) return -1; if (off < view->off || off + width < view->off + view->width) return error("invalid delta: window slides left"); + if (view->max_off >= 0 && view->max_off < off + width) + return error("delta preimage ends early"); file_offset = view->off + view->buf.len; if (off < file_offset) { diff --git a/vcs-svn/sliding_window.h b/vcs-svn/sliding_window.h index ed0bfdd65c..b43a825cba 100644 --- a/vcs-svn/sliding_window.h +++ b/vcs-svn/sliding_window.h @@ -7,10 +7,11 @@ struct sliding_view { struct line_buffer *file; off_t off; size_t width; + off_t max_off; /* -1 means unlimited */ struct strbuf buf; }; -#define SLIDING_VIEW_INIT(input) { (input), 0, 0, STRBUF_INIT } +#define SLIDING_VIEW_INIT(input, len) { (input), 0, 0, (len), STRBUF_INIT } extern int move_window(struct sliding_view *view, off_t off, size_t width);