From: Josh Steadmon <steadmon@google.com>
To: "SZEDER Gábor" <szeder.dev@gmail.com>
Cc: Junio C Hamano <gitster@pobox.com>,
	git@vger.kernel.org, stolee@gmail.com, avarab@gmail.com,
	peff@peff.net
Subject: Re: [PATCH v3 2/3] commit-graph: fix buffer read-overflow
Date: Mon, 10 Dec 2018 13:58:07 -0800	[thread overview]
Message-ID: <20181210215807.GD37614@google.com> (raw)
In-Reply-To: <20181210042843.GQ30222@szeder.dev>

On 2018.12.10 05:28, SZEDER Gábor wrote:
> On Sun, Dec 09, 2018 at 01:01:29PM +0900, Junio C Hamano wrote:
> > Josh Steadmon <steadmon@google.com> writes:
> > 
> > > diff --git a/t/t5318-commit-graph.sh b/t/t5318-commit-graph.sh
> > > index 5fe21db99f..5b6b44b78e 100755
> > > --- a/t/t5318-commit-graph.sh
> > > +++ b/t/t5318-commit-graph.sh
> > > @@ -366,24 +366,30 @@ GRAPH_OCTOPUS_DATA_OFFSET=$(($GRAPH_COMMIT_DATA_OFFSET + \
> > >  GRAPH_BYTE_OCTOPUS=$(($GRAPH_OCTOPUS_DATA_OFFSET + 4))
> > >  GRAPH_BYTE_FOOTER=$(($GRAPH_OCTOPUS_DATA_OFFSET + 4 * $NUM_OCTOPUS_EDGES))
> > >  
> > > -# usage: corrupt_graph_and_verify <position> <data> <string>
> > > +# usage: corrupt_graph_and_verify <position> <data> <string> [<zero_pos>]
> > >  # Manipulates the commit-graph file at the position
> > > -# by inserting the data, then runs 'git commit-graph verify'
> > > +# by inserting the data, optionally zeroing the file
> > > +# starting at <zero_pos>, then runs 'git commit-graph verify'
> > >  # and places the output in the file 'err'. Test 'err' for
> > >  # the given string.
> > >  corrupt_graph_and_verify() {
> > >  	pos=$1
> > >  	data="${2:-\0}"
> > >  	grepstr=$3
> > > +	orig_size=$(stat --format=%s $objdir/info/commit-graph)
> > 
> > "stat(1)" is not so portable, so you'll get complaints from minority
> > platform users later.  So is "truncate(1)".
> 
> I complain: this patch breaks on macOS (on Travis CI), but in a
> curious way.  First, 'stat' in the above line errors out with:
> 
>   +++stat --format=%s .git/objects/info/commit-graph
>   stat: illegal option -- -
>   usage: stat [-FlLnqrsx] [-f format] [-t timefmt] [file ...]
> 
> Alas, this doesn't immediately fail the test, because it's not part of
> the &&-chain.
> 
> > > +	zero_pos=${4:-${orig_size}}
> 
> No && here, either.
> 
> > >  	cd "$TRASH_DIRECTORY/full" &&
> > >  	test_when_finished mv commit-graph-backup $objdir/info/commit-graph &&
> > >  	cp $objdir/info/commit-graph commit-graph-backup &&
> > >  	printf "$data" | dd of="$objdir/info/commit-graph" bs=1 seek="$pos" conv=notrunc &&
> > > +	truncate --size=$zero_pos $objdir/info/commit-graph &&
> 
>   ++truncate --size= .git/objects/info/commit-graph
>   t5318-commit-graph.sh: line 385: truncate: command not found
> 
> Note that even if 'truncate' were available, it would most likely
> complain about the empty '--size=' argument resulting from the 'stat'
> error above.
> 
> Alas, this doesn't fail the test, either, because ...
> 
> > > +	truncate --size=$orig_size $objdir/info/commit-graph &&
> > >  	test_must_fail git commit-graph verify 2>test_err &&
> > >  	grep -v "^+" test_err >err
> 
> ... here the &&-chain was broken already before this patch.  However,
> since this above command was not executed due to the missing
> 'truncate', it didn't have a chance to create the 'err' file, ...
> 
> > >  	test_i18ngrep "$grepstr" err
> 
> ... so 'test_i18ngrep' can't find the file, which triggers its linting
> error, finally aborting the whole test script.
> 
> > >  }
> > >  
> > > +
> 
> Stray newline.
> 
> > >  test_expect_success 'detect bad signature' '
> > >  	corrupt_graph_and_verify 0 "\0" \
> > >  		"graph signature"
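Review bot: the two new assignments `orig_size=$(stat --format=%s ...)` and `zero_pos=${4:-${orig_size}}` are outside the &&-chain, so a failing stat leaves $orig_size empty and the helper silently continues with `truncate --size=`; terminate both with `&&`. The pre-existing `grep -v "^+" test_err >err` line is also missing its trailing `&&`, which is why the failure only surfaces via test_i18ngrep's missing-file lint. For portability, `$(wc -c <"$objdir/info/commit-graph")` gives the size on any POSIX platform, and the zero-fill can reuse dd as the preceding line already does (`dd if=/dev/zero of=... bs=1 seek="$zero_pos" count=$((orig_size - zero_pos)) conv=notrunc`) instead of GNU truncate(1). The extra blank line added after the closing `}` should be dropped.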
> > > @@ -484,6 +490,11 @@ test_expect_success 'detect invalid checksum hash' '
> > >  		"incorrect checksum"
> > >  '
> > >  
> > > +test_expect_success 'detect incorrect chunk count' '
> > > +	corrupt_graph_and_verify $GRAPH_BYTE_CHUNK_COUNT "\xff" \
> > 
> > Implementations of printf(1) may not grok "\xff" as a valid
> > representation of "\377".  The shell built-in of dash(1) for example
> > would not work with this.
> > 
> > > +		"chunk lookup table entry missing" $GRAPH_CHUNK_LOOKUP_OFFSET
> > > +'
> > > +
> > >  test_expect_success 'git fsck (checks commit-graph)' '
> > >  	cd "$TRASH_DIRECTORY/full" &&
> > >  	git fsck &&
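Review bot: `"\xff"` in the new 'detect incorrect chunk count' test is not a POSIX printf(1) escape, so a shell whose builtin printf does not know it (dash, as noted above) emits the literal characters instead of a single 0xff byte and the intended corruption never lands; use the octal form `"\377"`, which every POSIX printf accepts. This test is also the first caller to pass the optional fourth argument ($GRAPH_CHUNK_LOOKUP_OFFSET), so it inherits the helper's zeroing step; make sure that step fails loudly rather than being skipped, otherwise the test can pass or fail for the wrong reason.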

Thanks for the catch. All these will be fixed in V4.
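As an added example, not code from the patch or from anyone in this thread: a portable variant of the corrupt-and-zero helper along the lines Junio and SZEDER suggest. It uses POSIX wc(1) and dd(1) in place of GNU stat(1) and truncate(1), keeps every step in the &&-chain, and writes 0xff with the octal escape "\377"; the function names and the 8-byte sample file are the example's own.

```shell
#!/bin/sh
# Added example, not part of the git patch or the thread: a portable variant
# of the corrupt-and-zero helper. POSIX wc(1) and dd(1) replace GNU-only
# stat(1) and truncate(1), every step stays in the &&-chain, and the 0xff
# byte is written with the octal escape "\377" instead of "\xff".
# The function and file names are this example's own.

# usage: corrupt_file <file> <position> <data> [<zero_pos>]
# Writes <data> (a printf format string) at byte <position> without changing
# the file size, then zero-fills from <zero_pos> to the original end of file.
corrupt_file() {
	file=$1 &&
	pos=$2 &&
	data="${3:-\0}" &&
	# $(( )) strips the leading blanks some wc implementations print
	orig_size=$(($(wc -c <"$file"))) &&
	zero_pos=${4:-$orig_size} &&
	printf "$data" | dd of="$file" bs=1 seek="$pos" conv=notrunc 2>/dev/null &&
	dd if=/dev/zero of="$file" bs=1 seek="$zero_pos" \
		count=$((orig_size - zero_pos)) conv=notrunc 2>/dev/null
}

# Return the file contents as one hex string, so results are easy to check.
hexdump_file() {
	od -An -tx1 -v "$1" | tr -d ' \n'
}

# usage: run_case <position> <data> [<zero_pos>]
# Runs the helper on a constructed 8-byte sample file of 'A' (0x41) bytes
# and prints the resulting bytes in hex.
run_case() {
	f=$(mktemp) &&
	printf 'AAAAAAAA' >"$f" &&
	corrupt_file "$f" "$@" &&
	hexdump_file "$f" &&
	rm -f "$f"
}

# Overwrite byte 2 with 0xff and zero everything from byte 5 onward:
run_case 2 "\377" 5      # 4141ff4141000000
# Without <zero_pos> the bytes past the edit are left untouched:
run_case 0 "\377"        # ff41414141414141
```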
