c68038effe
The preceding code checks that view->max_off is nonnegative and (off + width) fits in an off_t, so this code is already safe. Signed-off-by: David Barr <davidbarr@google.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
80 lines
2.1 KiB
C
80 lines
2.1 KiB
C
/*
|
|
* Licensed under a two-clause BSD-style license.
|
|
* See LICENSE for details.
|
|
*/
|
|
|
|
#include "git-compat-util.h"
|
|
#include "sliding_window.h"
|
|
#include "line_buffer.h"
|
|
#include "strbuf.h"
|
|
|
|
static int input_error(struct line_buffer *file)
|
|
{
|
|
if (!buffer_ferror(file))
|
|
return error("delta preimage ends early");
|
|
return error("cannot read delta preimage: %s", strerror(errno));
|
|
}
|
|
|
|
static int skip_or_whine(struct line_buffer *file, off_t gap)
|
|
{
|
|
if (buffer_skip_bytes(file, gap) != gap)
|
|
return input_error(file);
|
|
return 0;
|
|
}
|
|
|
|
static int read_to_fill_or_whine(struct line_buffer *file,
|
|
struct strbuf *buf, size_t width)
|
|
{
|
|
buffer_read_binary(file, buf, width - buf->len);
|
|
if (buf->len != width)
|
|
return input_error(file);
|
|
return 0;
|
|
}
|
|
|
|
static int check_offset_overflow(off_t offset, uintmax_t len)
|
|
{
|
|
if (len > maximum_signed_value_of_type(off_t))
|
|
return error("unrepresentable length in delta: "
|
|
"%"PRIuMAX" > OFF_MAX", len);
|
|
if (signed_add_overflows(offset, (off_t) len))
|
|
return error("unrepresentable offset in delta: "
|
|
"%"PRIuMAX" + %"PRIuMAX" > OFF_MAX",
|
|
(uintmax_t) offset, len);
|
|
return 0;
|
|
}
|
|
|
|
int move_window(struct sliding_view *view, off_t off, size_t width)
|
|
{
|
|
off_t file_offset;
|
|
assert(view);
|
|
assert(view->width <= view->buf.len);
|
|
assert(!check_offset_overflow(view->off, view->buf.len));
|
|
|
|
if (check_offset_overflow(off, width))
|
|
return -1;
|
|
if (off < view->off || off + width < view->off + view->width)
|
|
return error("invalid delta: window slides left");
|
|
if (view->max_off >= 0 && view->max_off < off + (off_t) width)
|
|
return error("delta preimage ends early");
|
|
|
|
file_offset = view->off + view->buf.len;
|
|
if (off < file_offset) {
|
|
/* Move the overlapping region into place. */
|
|
strbuf_remove(&view->buf, 0, off - view->off);
|
|
} else {
|
|
/* Seek ahead to skip the gap. */
|
|
if (skip_or_whine(view->file, off - file_offset))
|
|
return -1;
|
|
strbuf_setlen(&view->buf, 0);
|
|
}
|
|
|
|
if (view->buf.len > width)
|
|
; /* Already read. */
|
|
else if (read_to_fill_or_whine(view->file, &view->buf, width))
|
|
return -1;
|
|
|
|
view->off = off;
|
|
view->width = width;
|
|
return 0;
|
|
}
|