Apply upstream zlib buffer handling patch (#1582555)

With the patch accepted upstream, apply it to all architectures.
2018-06-13 18:36:50 -04:00 · 2018-06-13 18:36:50 -04:00 · 5cf8e316f1
commit 5cf8e316f1
parent 5834e5a5ce
3 changed files with 43 additions and 60 deletions
--- a/0001-packfile-Correct-zlib-buffer-handling.patch
+++ b/0001-packfile-Correct-zlib-buffer-handling.patch
@ -1,50 +0,0 @@
 From 0255347aed203301302e3f8e39fa87349e178019 Mon Sep 17 00:00:00 2001
 From: Jeremy Linton <lintonrjeremy@gmail.com>
 Date: Fri, 25 May 2018 17:56:01 -0500
 Subject: [PATCH] packfile: Correct zlib buffer handling
 The buffer being passed to zlib includes a null terminator that
 git needs to keep in place. unpack_compressed_entry() attempts to
 detect the case that the source buffer hasn't been fully consumed
 by checking to see if the destination buffer has been over consumed.
 This yields two problems, first a single byte overrun won't be detected
 properly because the Z_STREAM_END will then be set, but the null
 terminator will have been overwritten. The other problem is that
 more recent zlib patches have been poisoning the unconsumed portions
 of the buffers which also overwrites the null, while correctly
 returning length and status.
 Lets rely on the fact that the source buffer will only be fully
 consumed when the when the destination buffer is inflated to the
 correct size. We can do this by passing zlib the correct buffer size
 and properly checking the return status. The latter check actually
 already exists if the buffer size is correct.
 Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
 ---
 packfile.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/packfile.c b/packfile.c
 index 7c1a2519fc..245eb32041 100644
 --- a/packfile.c
 +++ b/packfile.c
@@ -1416,7 +1416,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
 		return NULL;
 	memset(&stream, 0, sizeof(stream));
 	stream.next_out = buffer;
 -	stream.avail_out = size + 1;
 +	stream.avail_out = size;
 	git_inflate_init(&stream);
 	do {
@@ -1424,7 +1424,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
 		stream.next_in = in;
 		st = git_inflate(&stream, Z_FINISH);
 		if (!stream.avail_out)
 -			break; /* the payload is larger than it should be */
 +			break; /* done, st indicates if source fully consumed */
 		curpos += stream.next_in - in;
 	} while (st == Z_OK || st == Z_BUF_ERROR);
 	git_inflate_end(&stream);
--- a/0001-packfile-correct-zlib-buffer-handling.patch
+++ b/0001-packfile-correct-zlib-buffer-handling.patch
@ -0,0 +1,38 @@
 From b611396e97cba09c7e1cf900190cf1a9e922546e Mon Sep 17 00:00:00 2001
 From: Jeremy Linton <lintonrjeremy@gmail.com>
 Date: Wed, 13 Jun 2018 09:22:07 -0500
 Subject: [PATCH] packfile: correct zlib buffer handling
 The buffer being passed to zlib includes a NUL terminator that git
 needs to keep in place. unpack_compressed_entry() attempts to detect
 the case that the source buffer hasn't been fully consumed by
 checking to see if the destination buffer has been over consumed.
 This causes a problem, that more recent zlib patches have been
 poisoning the unconsumed portions of the buffer which overwrites
 the NUL byte, while correctly returning length and status.
 Let's place the NUL at the end of the buffer after inflate returns
 to assure that it doesn't result in problems for git even if its
 been overwritten by zlib.
 Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
 Signed-off-by: Junio C Hamano <gitster@pobox.com>
 ---
 packfile.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/packfile.c b/packfile.c
 index 4a5fe7ab18838..d55569921793e 100644
 --- a/packfile.c
 +++ b/packfile.c
@@ -1422,6 +1422,9 @@ static void *unpack_compressed_entry(struct packed_git *p,
 		return NULL;
 	}
 +	/* versions of zlib can clobber unconsumed portion of outbuf */
 +	buffer[size] = '\0';
 +
 	return buffer;
 }
--- a/git.spec
+++ b/git.spec
@ -109,11 +109,6 @@ Source14:       gitweb.conf.in
 Source15:       git@.service.in
 Source16:       git.socket
 # https://bugzilla.redhat.com/1582555
 # https://public-inbox.org/git/20180525231713.23047-1-lintonrjeremy@gmail.com/
 # This patch is applied manually on aarch64 only, until it is accepted # upstream
 Source20:       0001-packfile-Correct-zlib-buffer-handling.patch
 # Script to print test failure output (used in %%check)
 Source99:       print-failed-test-output
@ -123,6 +118,10 @@ Patch1:         git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch
 # https://github.com/gitster/git/commit/f2cb01d35
 # https://public-inbox.org/git/20180601174644.13055-1-phillip.wood@talktalk.net/
 Patch2:         0001-add-p-fix-counting-empty-context-lines-in-edited-pat.patch
 # https://bugzilla.redhat.com/1582555
 # https://github.com/gitster/git/commit/b611396e97.patch
 # https://public-inbox.org/git/20180525231713.23047-1-lintonrjeremy@gmail.com/
 Patch3:         0001-packfile-correct-zlib-buffer-handling.patch
 %if %{with docs}
 BuildRequires:  asciidoc >= 8.4.1
@ -418,11 +417,6 @@ rm -rf "$tar" "$gpghome" # Cleanup tar files and tmp gpg home dir
 # https://bugzilla.redhat.com/1310704
 %autosetup -p1 -n %{name}-%{version}%{?rcrev}
 # Apply aarch64 zlib patch (https://bugzilla.redhat.com/1582555)
 %ifarch aarch64
 %apply_patch %{SOURCE20}
 %endif
 # Install print-failed-test-output script
 install -p -m 755 %{SOURCE99} print-failed-test-output
@ -876,6 +870,7 @@ make test || ./print-failed-test-output
 %changelog
 * Wed Jun 13 2018 Todd Zullinger <tmz@pobox.com> - 2.18.0-0.2.rc2
 - Update to 2.18.0-rc2
 - Apply upstream zlib buffer handling patch (#1582555)
 * Wed Jun 06 2018 Todd Zullinger <tmz@pobox.com>
 - Include git-contacts, SubmittingPatches suggests it to users