pack.c 32.7 KB
Newer Older
1
/*
Edward Thomson committed
2
 * Copyright (C) the libgit2 contributors. All rights reserved.
3
 *
Vicent Marti committed
4 5
 * This file is part of libgit2, distributed under the GNU GPL v2 with
 * a Linking Exception. For full terms see the included COPYING file.
6 7 8
 */

#include "pack.h"
9

10
#include "delta.h"
11
#include "futils.h"
12 13
#include "mwindow.h"
#include "odb.h"
14
#include "oid.h"
15

16 17 18
/* Option to bypass checking existence of '.keep' files */
bool git_disable_pack_keep_file_checks = false;

19
static int packfile_open(struct git_pack_file *p);
20
static off64_t nth_packed_object_offset(const struct git_pack_file *p, uint32_t n);
21
static int packfile_unpack_compressed(
22 23 24
		git_rawobj *obj,
		struct git_pack_file *p,
		git_mwindow **w_curs,
25
		off64_t *curpos,
26
		size_t size,
27
		git_object_t type);
28 29 30

/* Can find the offset of an object given
 * a prefix of an identifier.
31
 * Throws GIT_EAMBIGUOUSOIDPREFIX if short oid
32 33 34 35 36
 * is ambiguous within the pack.
 * This method assumes that len is between
 * GIT_OID_MINPREFIXLEN and GIT_OID_HEXSZ.
 */
static int pack_entry_find_offset(
37
		off64_t *offset_out,
38 39 40
		git_oid *found_oid,
		struct git_pack_file *p,
		const git_oid *short_oid,
41
		size_t len);
42

43 44
static int packfile_error(const char *message)
{
45
	git_error_set(GIT_ERROR_ODB, "invalid pack file - %s", message);
46 47 48
	return -1;
}

49 50 51
/********************
 * Delta base cache
 ********************/
52

53
static git_pack_cache_entry *new_cache_object(git_rawobj *source)
54
{
55
	git_pack_cache_entry *e = git__calloc(1, sizeof(git_pack_cache_entry));
56 57 58
	if (!e)
		return NULL;

59
	git_atomic_inc(&e->refcount);
60 61 62 63 64 65 66 67 68 69
	memcpy(&e->raw, source, sizeof(git_rawobj));

	return e;
}

static void free_cache_object(void *o)
{
	git_pack_cache_entry *e = (git_pack_cache_entry *)o;

	if (e != NULL) {
70
		assert(e->refcount.val == 0);
71 72 73 74 75
		git__free(e->raw.data);
		git__free(e);
	}
}

76 77
static void cache_free(git_pack_cache *cache)
{
78
	git_pack_cache_entry *entry;
79 80

	if (cache->entries) {
81 82 83
		git_offmap_foreach_value(cache->entries, entry, {
			free_cache_object(entry);
		});
84 85

		git_offmap_free(cache->entries);
86
		cache->entries = NULL;
87 88 89 90 91
	}
}

static int cache_init(git_pack_cache *cache)
{
92 93
	if (git_offmap_new(&cache->entries) < 0)
		return -1;
94

95
	cache->memory_limit = GIT_PACK_CACHE_MEMORY_LIMIT;
Russell Belfer committed
96 97

	if (git_mutex_init(&cache->lock)) {
98
		git_error_set(GIT_ERROR_OS, "failed to initialize pack cache mutex");
Russell Belfer committed
99 100 101 102 103 104

		git__free(cache->entries);
		cache->entries = NULL;

		return -1;
	}
105 106 107 108

	return 0;
}

109
static git_pack_cache_entry *cache_get(git_pack_cache *cache, off64_t offset)
110
{
111
	git_pack_cache_entry *entry;
112

113 114 115
	if (git_mutex_lock(&cache->lock) < 0)
		return NULL;

116
	if ((entry = git_offmap_get(cache->entries, offset)) != NULL) {
117
		git_atomic_inc(&entry->refcount);
118
		entry->last_usage = cache->use_ctr++;
119 120 121 122 123 124
	}
	git_mutex_unlock(&cache->lock);

	return entry;
}

125 126 127
/* Run with the cache lock held */
static void free_lowest_entry(git_pack_cache *cache)
{
128
	off64_t offset;
129 130
	git_pack_cache_entry *entry;

131
	git_offmap_foreach(cache->entries, offset, entry, {
132 133
		if (entry && entry->refcount.val == 0) {
			cache->memory_used -= entry->raw.len;
134
			git_offmap_delete(cache->entries, offset);
135
			free_cache_object(entry);
136
		}
137
	});
138 139
}

140 141 142 143
static int cache_add(
		git_pack_cache_entry **cached_out,
		git_pack_cache *cache,
		git_rawobj *base,
144
		off64_t offset)
145 146
{
	git_pack_cache_entry *entry;
147
	int exists;
148

149 150 151
	if (base->len > GIT_PACK_CACHE_SIZE_LIMIT)
		return -1;

152 153
	entry = new_cache_object(base);
	if (entry) {
154
		if (git_mutex_lock(&cache->lock) < 0) {
155
			git_error_set(GIT_ERROR_OS, "failed to lock cache");
Jacques Germishuys committed
156
			git__free(entry);
157 158
			return -1;
		}
159
		/* Add it to the cache if nobody else has */
160
		exists = git_offmap_exists(cache->entries, offset);
161
		if (!exists) {
162 163 164
			while (cache->memory_used + base->len > cache->memory_limit)
				free_lowest_entry(cache);

165
			git_offmap_set(cache->entries, offset, entry);
166
			cache->memory_used += entry->raw.len;
167 168

			*cached_out = entry;
169 170 171 172 173 174 175 176 177 178 179 180
		}
		git_mutex_unlock(&cache->lock);
		/* Somebody beat us to adding it into the cache */
		if (exists) {
			git__free(entry);
			return -1;
		}
	}

	return 0;
}

181 182 183 184 185 186 187 188
/***********************************************************
 *
 * PACK INDEX METHODS
 *
 ***********************************************************/

static void pack_index_free(struct git_pack_file *p)
{
189 190 191 192
	if (p->oids) {
		git__free(p->oids);
		p->oids = NULL;
	}
193 194 195 196 197 198
	if (p->index_map.data) {
		git_futils_mmap_free(&p->index_map);
		p->index_map.data = NULL;
	}
}

Vicent Marti committed
199
static int pack_index_check(const char *path, struct git_pack_file *p)
200 201 202 203 204 205 206
{
	struct git_pack_idx_header *hdr;
	uint32_t version, nr, i, *index;
	void *idx_map;
	size_t idx_size;
	struct stat st;
	int error;
207 208
	/* TODO: properly open the file without access time using O_NOATIME */
	git_file fd = git_futils_open_ro(path);
209
	if (fd < 0)
210
		return fd;
211

212 213
	if (p_fstat(fd, &st) < 0) {
		p_close(fd);
214
		git_error_set(GIT_ERROR_OS, "unable to stat pack index '%s'", path);
215 216 217 218
		return -1;
	}

	if (!S_ISREG(st.st_mode) ||
219 220 221
		!git__is_sizet(st.st_size) ||
		(idx_size = (size_t)st.st_size) < 4 * 256 + 20 + 20)
	{
222
		p_close(fd);
223
		git_error_set(GIT_ERROR_ODB, "invalid pack index '%s'", path);
224
		return -1;
225 226 227
	}

	error = git_futils_mmap_ro(&p->index_map, fd, 0, idx_size);
228

229 230
	p_close(fd);

231 232
	if (error < 0)
		return error;
233 234 235 236 237 238 239 240

	hdr = idx_map = p->index_map.data;

	if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) {
		version = ntohl(hdr->idx_version);

		if (version < 2 || version > 2) {
			git_futils_mmap_free(&p->index_map);
241
			return packfile_error("unsupported index version");
242 243 244 245 246 247 248 249 250
		}

	} else
		version = 1;

	nr = 0;
	index = idx_map;

	if (version > 1)
Vicent Marti committed
251
		index += 2; /* skip index header */
252 253 254 255 256

	for (i = 0; i < 256; i++) {
		uint32_t n = ntohl(index[i]);
		if (n < nr) {
			git_futils_mmap_free(&p->index_map);
257
			return packfile_error("index is non-monotonic");
258 259 260 261 262 263 264
		}
		nr = n;
	}

	if (version == 1) {
		/*
		 * Total size:
Vicent Marti committed
265 266 267 268
		 * - 256 index entries 4 bytes each
		 * - 24-byte entries * nr (20-byte sha1 + 4-byte offset)
		 * - 20-byte SHA1 of the packfile
		 * - 20-byte SHA1 file checksum
269 270 271
		 */
		if (idx_size != 4*256 + nr * 24 + 20 + 20) {
			git_futils_mmap_free(&p->index_map);
272
			return packfile_error("index is corrupted");
273 274 275 276
		}
	} else if (version == 2) {
		/*
		 * Minimum size:
Vicent Marti committed
277 278 279 280 281 282 283
		 * - 8 bytes of header
		 * - 256 index entries 4 bytes each
		 * - 20-byte sha1 entry * nr
		 * - 4-byte crc entry * nr
		 * - 4-byte offset entry * nr
		 * - 20-byte SHA1 of the packfile
		 * - 20-byte SHA1 file checksum
284 285 286 287 288 289 290 291 292 293 294 295
		 * And after the 4-byte offset table might be a
		 * variable sized table containing 8-byte entries
		 * for offsets larger than 2^31.
		 */
		unsigned long min_size = 8 + 4*256 + nr*(20 + 4 + 4) + 20 + 20;
		unsigned long max_size = min_size;

		if (nr)
			max_size += (nr - 1)*8;

		if (idx_size < min_size || idx_size > max_size) {
			git_futils_mmap_free(&p->index_map);
296
			return packfile_error("wrong index size");
297 298 299 300
		}
	}

	p->num_objects = nr;
301
	p->index_version = version;
302
	return 0;
303 304 305 306
}

static int pack_index_open(struct git_pack_file *p)
{
307
	int error = 0;
308
	size_t name_len;
309
	git_buf idx_name;
310

311
	if (p->index_version > -1)
Russell Belfer committed
312
		return 0;
313

314 315
	name_len = strlen(p->pack_name);
	assert(name_len > strlen(".pack")); /* checked by git_pack_file alloc */
316

317 318 319
	if (git_buf_init(&idx_name, name_len) < 0)
		return -1;

320 321 322
	git_buf_put(&idx_name, p->pack_name, name_len - strlen(".pack"));
	git_buf_puts(&idx_name, ".idx");
	if (git_buf_oom(&idx_name)) {
323
		git_buf_dispose(&idx_name);
Russell Belfer committed
324
		return -1;
325
	}
326

327
	if ((error = git_mutex_lock(&p->lock)) < 0) {
328
		git_buf_dispose(&idx_name);
Russell Belfer committed
329
		return error;
330
	}
Russell Belfer committed
331

332
	if (p->index_version == -1)
333
		error = pack_index_check(idx_name.ptr, p);
334

335
	git_buf_dispose(&idx_name);
336

337 338
	git_mutex_unlock(&p->lock);

339
	return error;
340 341 342 343
}

static unsigned char *pack_window_open(
		struct git_pack_file *p,
344
		git_mwindow **w_cursor,
345
		off64_t offset,
346 347
		unsigned int *left)
{
348
	if (p->mwf.fd == -1 && packfile_open(p) < 0)
349 350 351 352 353 354
		return NULL;

	/* Since packfiles end in a hash of their content and it's
	 * pointless to ask for an offset into the middle of that
	 * hash, and the pack_window_contains function above wouldn't match
	 * don't allow an offset too close to the end of the file.
355 356 357
	 *
	 * Don't allow a negative offset, as that means we've wrapped
	 * around.
358 359 360
	 */
	if (offset > (p->mwf.size - 20))
		return NULL;
361 362
	if (offset < 0)
		return NULL;
363 364 365 366

	return git_mwindow_open(&p->mwf, w_cursor, offset, 20, left);
 }

367 368 369 370 371 372 373 374
/*
 * The per-object header is a pretty dense thing, which is
 *  - first byte: low four bits are "size",
 *    then three bits of "type",
 *    with the high bit being "size continues".
 *  - each byte afterwards: low seven bits are size continuation,
 *    with the high bit being "size continues"
 */
375
size_t git_packfile__object_header(unsigned char *hdr, size_t size, git_object_t type)
376 377 378 379
{
	unsigned char *hdr_base;
	unsigned char c;

380
	assert(type >= GIT_OBJECT_COMMIT && type <= GIT_OBJECT_REF_DELTA);
381 382 383 384 385 386 387 388 389 390 391 392 393 394

	/* TODO: add support for chunked objects; see git.git 6c0d19b1 */

	c = (unsigned char)((type << 4) | (size & 15));
	size >>= 4;
	hdr_base = hdr;

	while (size) {
		*hdr++ = c | 0x80;
		c = size & 0x7f;
		size >>= 7;
	}
	*hdr++ = c;

395
	return (hdr - hdr_base);
396 397 398
}


399 400
static int packfile_unpack_header1(
		unsigned long *usedp,
401
		size_t *sizep,
402
		git_object_t *type,
403 404 405 406 407 408
		const unsigned char *buf,
		unsigned long len)
{
	unsigned shift;
	unsigned long size, c;
	unsigned long used = 0;
409

410 411 412 413 414
	c = buf[used++];
	*type = (c >> 4) & 7;
	size = c & 15;
	shift = 4;
	while (c & 0x80) {
415
		if (len <= used) {
416
			git_error_set(GIT_ERROR_ODB, "buffer too small");
417
			return GIT_EBUFS;
418
		}
419 420 421

		if (bitsizeof(long) <= shift) {
			*usedp = 0;
422
			git_error_set(GIT_ERROR_ODB, "packfile corrupted");
423 424
			return -1;
		}
425 426 427 428 429 430 431

		c = buf[used++];
		size += (c & 0x7f) << shift;
		shift += 7;
	}

	*sizep = (size_t)size;
432 433
	*usedp = used;
	return 0;
434 435 436 437
}

int git_packfile_unpack_header(
		size_t *size_p,
438
		git_object_t *type_p,
439 440
		git_mwindow_file *mwf,
		git_mwindow **w_curs,
441
		off64_t *curpos)
442 443 444 445
{
	unsigned char *base;
	unsigned int left;
	unsigned long used;
446
	int ret;
447 448

	/* pack_window_open() assures us we have [base, base + 20) available
Vicent Marti committed
449 450
	 * as a range that we can look at at. (Its actually the hash
	 * size that is assured.) With our object header encoding
451 452 453
	 * the maximum deflated object size is 2^137, which is just
	 * insane, so we know won't exceed what we have been given.
	 */
454
/*	base = pack_window_open(p, w_curs, *curpos, &left); */
455 456
	base = git_mwindow_open(mwf, w_curs, *curpos, 20, &left);
	if (base == NULL)
457
		return GIT_EBUFS;
458

459
	ret = packfile_unpack_header1(&used, size_p, type_p, base, left);
460
	git_mwindow_close(w_curs);
461
	if (ret == GIT_EBUFS)
462 463
		return ret;
	else if (ret < 0)
464
		return packfile_error("header length is zero");
465 466

	*curpos += used;
467
	return 0;
468 469
}

470 471
int git_packfile_resolve_header(
		size_t *size_p,
472
		git_object_t *type_p,
473
		struct git_pack_file *p,
474
		off64_t offset)
475 476
{
	git_mwindow *w_curs = NULL;
477
	off64_t curpos = offset;
478
	size_t size;
479
	git_object_t type;
480
	off64_t base_offset;
481 482 483 484 485 486
	int error;

	error = git_packfile_unpack_header(&size, &type, &p->mwf, &w_curs, &curpos);
	if (error < 0)
		return error;

487
	if (type == GIT_OBJECT_OFS_DELTA || type == GIT_OBJECT_REF_DELTA) {
488
		size_t base_size;
489 490
		git_packfile_stream stream;

491
		error = get_delta_base(&base_offset, p, &w_curs, &curpos, type, offset);
492
		git_mwindow_close(&w_curs);
493

494
		if (error < 0)
495 496
			return error;

497
		if ((error = git_packfile_stream_open(&stream, p, curpos)) < 0)
498
			return error;
499
		error = git_delta_read_header_fromstream(&base_size, size_p, &stream);
500
		git_packfile_stream_dispose(&stream);
501 502
		if (error < 0)
			return error;
503
	} else {
504
		*size_p = size;
505 506
		base_offset = 0;
	}
507

508
	while (type == GIT_OBJECT_OFS_DELTA || type == GIT_OBJECT_REF_DELTA) {
509 510 511 512
		curpos = base_offset;
		error = git_packfile_unpack_header(&size, &type, &p->mwf, &w_curs, &curpos);
		if (error < 0)
			return error;
513
		if (type != GIT_OBJECT_OFS_DELTA && type != GIT_OBJECT_REF_DELTA)
514
			break;
515

516
		error = get_delta_base(&base_offset, p, &w_curs, &curpos, type, base_offset);
517
		git_mwindow_close(&w_curs);
518

519
		if (error < 0)
520
			return error;
521 522 523 524 525 526
	}
	*type_p = type;

	return error;
}

527 528
#define SMALL_STACK_SIZE 64

529 530 531 532 533 534
/**
 * Generate the chain of dependencies which we need to get to the
 * object at `off`. `chain` is used a stack, popping gives the right
 * order to apply deltas on. If an object is found in the pack's base
 * cache, we stop calculating there.
 */
535
static int pack_dependency_chain(git_dependency_chain *chain_out,
536
				 git_pack_cache_entry **cached_out, off64_t *cached_off,
537
				 struct pack_chain_elem *small_stack, size_t *stack_sz,
538
				 struct git_pack_file *p, off64_t obj_offset)
539 540 541
{
	git_dependency_chain chain = GIT_ARRAY_INIT;
	git_mwindow *w_curs = NULL;
542
	off64_t curpos = obj_offset, base_offset;
543 544
	int error = 0, use_heap = 0;
	size_t size, elem_pos;
545
	git_object_t type;
546

547
	elem_pos = 0;
548 549 550 551 552 553 554 555 556 557 558
	while (true) {
		struct pack_chain_elem *elem;
		git_pack_cache_entry *cached = NULL;

		/* if we have a base cached, we can stop here instead */
		if ((cached = cache_get(&p->bases, obj_offset)) != NULL) {
			*cached_out = cached;
			*cached_off = obj_offset;
			break;
		}

559 560 561
		/* if we run out of space on the small stack, use the array */
		if (elem_pos == SMALL_STACK_SIZE) {
			git_array_init_to_size(chain, elem_pos);
562
			GIT_ERROR_CHECK_ARRAY(chain);
563 564 565 566 567
			memcpy(chain.ptr, small_stack, elem_pos * sizeof(struct pack_chain_elem));
			chain.size = elem_pos;
			use_heap = 1;
		}

568
		curpos = obj_offset;
569 570 571 572 573 574 575 576
		if (!use_heap) {
			elem = &small_stack[elem_pos];
		} else {
			elem = git_array_alloc(chain);
			if (!elem) {
				error = -1;
				goto on_error;
			}
577 578 579 580 581 582 583 584 585 586 587 588 589 590
		}

		elem->base_key = obj_offset;

		error = git_packfile_unpack_header(&size, &type, &p->mwf, &w_curs, &curpos);

		if (error < 0)
			goto on_error;

		elem->offset = curpos;
		elem->size = size;
		elem->type = type;
		elem->base_key = obj_offset;

591
		if (type != GIT_OBJECT_OFS_DELTA && type != GIT_OBJECT_REF_DELTA)
592 593
			break;

594
		error = get_delta_base(&base_offset, p, &w_curs, &curpos, type, obj_offset);
595 596
		git_mwindow_close(&w_curs);

597
		if (error < 0)
598 599 600 601 602 603 604
			goto on_error;

		/* we need to pass the pos *after* the delta-base bit */
		elem->offset = curpos;

		/* go through the loop again, but with the new object */
		obj_offset = base_offset;
605
		elem_pos++;
606 607
	}

608

609
	*stack_sz = elem_pos + 1;
610 611 612 613 614 615 616 617
	*chain_out = chain;
	return error;

on_error:
	git_array_clear(chain);
	return error;
}

618
int git_packfile_unpack(
619 620
	git_rawobj *obj,
	struct git_pack_file *p,
621
	off64_t *obj_offset)
622 623
{
	git_mwindow *w_curs = NULL;
624
	off64_t curpos = *obj_offset;
625 626
	int error, free_base = 0;
	git_dependency_chain chain = GIT_ARRAY_INIT;
627
	struct pack_chain_elem *elem = NULL, *stack;
628
	git_pack_cache_entry *cached = NULL;
629
	struct pack_chain_elem small_stack[SMALL_STACK_SIZE];
630
	size_t stack_size = 0, elem_pos, alloclen;
631
	git_object_t base_type;
632 633 634 635 636

	/*
	 * TODO: optionally check the CRC on the packfile
	 */

637
	error = pack_dependency_chain(&chain, &cached, obj_offset, small_stack, &stack_size, p, *obj_offset);
638 639 640
	if (error < 0)
		return error;

641 642
	obj->data = NULL;
	obj->len = 0;
643
	obj->type = GIT_OBJECT_INVALID;
644

645 646 647 648
	/* let's point to the right stack */
	stack = chain.ptr ? chain.ptr : small_stack;

	elem_pos = stack_size;
649
	if (cached) {
650
		memcpy(obj, &cached->raw, sizeof(git_rawobj));
651
		base_type = obj->type;
652
		elem_pos--;	/* stack_size includes the base, which isn't actually there */
653
	} else {
654
		elem = &stack[--elem_pos];
655
		base_type = elem->type;
656
	}
657

658
	switch (base_type) {
659 660 661 662
	case GIT_OBJECT_COMMIT:
	case GIT_OBJECT_TREE:
	case GIT_OBJECT_BLOB:
	case GIT_OBJECT_TAG:
663
		if (!cached) {
664 665 666
			curpos = elem->offset;
			error = packfile_unpack_compressed(obj, p, &w_curs, &curpos, elem->size, elem->type);
			git_mwindow_close(&w_curs);
667
			base_type = elem->type;
668 669 670 671
		}
		if (error < 0)
			goto cleanup;
		break;
672 673
	case GIT_OBJECT_OFS_DELTA:
	case GIT_OBJECT_REF_DELTA:
674 675 676 677 678 679 680
		error = packfile_error("dependency chain ends in a delta");
		goto cleanup;
	default:
		error = packfile_error("invalid packfile type in header");
		goto cleanup;
	}

681
	/*
682
	 * Finding the object we want a cached base element is
683 684 685 686
	 * problematic, as we need to make sure we don't accidentally
	 * give the caller the cached object, which it would then feel
	 * free to free, so we need to copy the data.
	 */
687
	if (cached && stack_size == 1) {
688
		void *data = obj->data;
689

690
		GIT_ERROR_CHECK_ALLOC_ADD(&alloclen, obj->len, 1);
691
		obj->data = git__malloc(alloclen);
692
		GIT_ERROR_CHECK_ALLOC(obj->data);
693

694 695 696 697 698
		memcpy(obj->data, data, obj->len + 1);
		git_atomic_dec(&cached->refcount);
		goto cleanup;
	}

699
	/* we now apply each consecutive delta until we run out */
700
	while (elem_pos > 0 && !error) {
701 702
		git_rawobj base, delta;

703 704 705 706 707
		/*
		 * We can now try to add the base to the cache, as
		 * long as it's not already the cached one.
		 */
		if (!cached)
708
			free_base = !!cache_add(&cached, &p->bases, obj, elem->base_key);
709

710
		elem = &stack[elem_pos - 1];
711 712 713 714
		curpos = elem->offset;
		error = packfile_unpack_compressed(&delta, p, &w_curs, &curpos, elem->size, elem->type);
		git_mwindow_close(&w_curs);

lhchavez committed
715 716 717
		if (error < 0) {
			/* We have transferred ownership of the data to the cache. */
			obj->data = NULL;
718
			break;
lhchavez committed
719
		}
720 721 722 723 724

		/* the current object becomes the new base, on which we apply the delta */
		base = *obj;
		obj->data = NULL;
		obj->len = 0;
725
		obj->type = GIT_OBJECT_INVALID;
726

727
		error = git_delta_apply(&obj->data, &obj->len, base.data, base.len, delta.data, delta.len);
728
		obj->type = base_type;
729

730 731 732 733 734 735
		/*
		 * We usually don't want to free the base at this
		 * point, as we put it into the cache in the previous
		 * iteration. free_base lets us know that we got the
		 * base object directly from the packfile, so we can free it.
		 */
736
		git__free(delta.data);
737 738 739 740 741 742 743 744 745
		if (free_base) {
			free_base = 0;
			git__free(base.data);
		}

		if (cached) {
			git_atomic_dec(&cached->refcount);
			cached = NULL;
		}
746 747 748

		if (error < 0)
			break;
749

750
		elem_pos--;
751 752
	}

753
cleanup:
754
	if (error < 0) {
755
		git__free(obj->data);
756 757 758
		if (cached)
			git_atomic_dec(&cached->refcount);
	}
759

760
	if (elem)
761
		*obj_offset = curpos;
762

763
	git_array_clear(chain);
764
	return error;
765 766
}

767
int git_packfile_stream_open(git_packfile_stream *obj, struct git_pack_file *p, off64_t curpos)
768 769 770 771
{
	memset(obj, 0, sizeof(git_packfile_stream));
	obj->curpos = curpos;
	obj->p = p;
772 773

	if (git_zstream_init(&obj->zstream, GIT_ZSTREAM_INFLATE) < 0) {
774
		git_error_set(GIT_ERROR_ZLIB, "failed to init packfile stream");
775 776 777 778 779 780 781 782
		return -1;
	}

	return 0;
}

ssize_t git_packfile_stream_read(git_packfile_stream *obj, void *buffer, size_t len)
{
783
	unsigned int window_len;
784
	unsigned char *in;
785
	int error;
786 787 788 789

	if (obj->done)
		return 0;

790
	if ((in = pack_window_open(obj->p, &obj->mw, obj->curpos, &window_len)) == NULL)
791 792
		return GIT_EBUFS;

793 794 795
	if ((error = git_zstream_set_input(&obj->zstream, in, window_len)) < 0 ||
	    (error = git_zstream_get_output_chunk(buffer, &len, &obj->zstream)) < 0) {
		git_mwindow_close(&obj->mw);
796
		git_error_set(GIT_ERROR_ZLIB, "error reading from the zlib stream");
797 798 799
		return -1;
	}

800
	git_mwindow_close(&obj->mw);
801

802 803 804 805
	obj->curpos += window_len - obj->zstream.in_len;

	if (git_zstream_eos(&obj->zstream))
		obj->done = 1;
806 807

	/* If we didn't write anything out but we're not done, we need more data */
808
	if (!len && !git_zstream_eos(&obj->zstream))
809 810
		return GIT_EBUFS;

811
	return len;
812 813 814

}

815
void git_packfile_stream_dispose(git_packfile_stream *obj)
816
{
817
	git_zstream_free(&obj->zstream);
818 819
}

820
static int packfile_unpack_compressed(
821 822
	git_rawobj *obj,
	struct git_pack_file *p,
823 824
	git_mwindow **mwindow,
	off64_t *position,
825
	size_t size,
826
	git_object_t type)
827
{
828 829 830 831
	git_zstream zstream = GIT_ZSTREAM_INIT;
	size_t buffer_len, total = 0;
	char *data = NULL;
	int error;
832

833 834 835
	GIT_ERROR_CHECK_ALLOC_ADD(&buffer_len, size, 1);
	data = git__calloc(1, buffer_len);
	GIT_ERROR_CHECK_ALLOC(data);
836

837
	if ((error = git_zstream_init(&zstream, GIT_ZSTREAM_INFLATE)) < 0) {
838
		git_error_set(GIT_ERROR_ZLIB, "failed to init zlib stream on unpack");
839
		goto out;
840 841 842
	}

	do {
843 844 845
		size_t bytes = buffer_len - total;
		unsigned int window_len;
		unsigned char *in;
846

847
		in = pack_window_open(p, mwindow, *position, &window_len);
848

849 850 851 852
		if ((error = git_zstream_set_input(&zstream, in, window_len)) < 0 ||
		    (error = git_zstream_get_output_chunk(data + total, &bytes, &zstream)) < 0) {
			git_mwindow_close(mwindow);
			goto out;
853 854
		}

855
		git_mwindow_close(mwindow);
856

857 858 859
		*position += window_len - zstream.in_len;
		total += bytes;
	} while (total < size);
860

861
	if (total != size || !git_zstream_eos(&zstream)) {
862
		git_error_set(GIT_ERROR_ZLIB, "error inflating zlib stream");
863 864
		error = -1;
		goto out;
865 866 867 868
	}

	obj->type = type;
	obj->len = size;
869 870 871 872 873 874 875 876
	obj->data = data;

out:
	git_zstream_free(&zstream);
	if (error)
		git__free(data);

	return error;
877 878
}

879 880 881 882
/*
 * curpos is where the data starts, delta_obj_offset is the where the
 * header starts
 */
883 884 885 886 887 888 889
int get_delta_base(
		off64_t *delta_base_out,
		struct git_pack_file *p,
		git_mwindow **w_curs,
		off64_t *curpos,
		git_object_t type,
		off64_t delta_obj_offset)
890
{
891 892
	unsigned int left = 0;
	unsigned char *base_info;
893
	off64_t base_offset;
894 895
	git_oid unused;

896 897
	assert(delta_base_out);

898 899 900
	base_info = pack_window_open(p, w_curs, *curpos, &left);
	/* Assumption: the only reason this would fail is because the file is too small */
	if (base_info == NULL)
901
		return GIT_EBUFS;
902 903
	/* pack_window_open() assured us we have [base_info, base_info + 20)
	 * as a range that we can look at without walking off the
Vicent Marti committed
904 905
	 * end of the mapped window. Its actually the hash size
	 * that is assured. An OFS_DELTA longer than the hash size
906 907
	 * is stupid, as then a REF_DELTA would be smaller to store.
	 */
908
	if (type == GIT_OBJECT_OFS_DELTA) {
909 910
		unsigned used = 0;
		unsigned char c = base_info[used++];
lhchavez committed
911
		size_t unsigned_base_offset = c & 127;
912
		while (c & 128) {
913
			if (left <= used)
914
				return GIT_EBUFS;
lhchavez committed
915 916
			unsigned_base_offset += 1;
			if (!unsigned_base_offset || MSB(unsigned_base_offset, 7))
917
				return packfile_error("overflow");
918
			c = base_info[used++];
lhchavez committed
919
			unsigned_base_offset = (unsigned_base_offset << 7) + (c & 127);
920
		}
921
		if (unsigned_base_offset == 0 || (size_t)delta_obj_offset <= unsigned_base_offset)
922
			return packfile_error("out of bounds");
lhchavez committed
923
		base_offset = delta_obj_offset - unsigned_base_offset;
924
		*curpos += used;
925
	} else if (type == GIT_OBJECT_REF_DELTA) {
926 927
		/* If we have the cooperative cache, search in it first */
		if (p->has_cache) {
928
			struct git_pack_entry *entry;
929
			git_oid oid;
930

931
			git_oid_fromraw(&oid, base_info);
932
			if ((entry = git_oidmap_get(p->idx_cache, &oid)) != NULL) {
933 934 935
				if (entry->offset == 0)
					return packfile_error("delta offset is zero");

936
				*curpos += 20;
937 938
				*delta_base_out = entry->offset;
				return 0;
939 940 941 942 943 944
			} else {
				/* If we're building an index, don't try to find the pack
				 * entry; we just haven't seen it yet.  We'll make
				 * progress again in the next loop.
				 */
				return GIT_PASSTHROUGH;
945 946
			}
		}
947

948
		/* The base entry _must_ be in the same pack */
949 950
		if (pack_entry_find_offset(&base_offset, &unused, p, (git_oid *)base_info, GIT_OID_HEXSZ) < 0)
			return packfile_error("base entry delta is not in the same pack");
951 952
		*curpos += 20;
	} else
953
		return packfile_error("unknown object type");
954

955 956 957
	if (base_offset == 0)
		return packfile_error("delta offset is zero");

958 959
	*delta_base_out = base_offset;
	return 0;
960
}
961 962 963 964 965 966 967

/***********************************************************
 *
 * PACKFILE METHODS
 *
 ***********************************************************/

968 969 970 971 972 973 974 975 976 977 978 979
void git_packfile_close(struct git_pack_file *p, bool unlink_packfile)
{
	if (p->mwf.fd >= 0) {
		git_mwindow_free_all_locked(&p->mwf);
		p_close(p->mwf.fd);
		p->mwf.fd = -1;
	}

	if (unlink_packfile)
		p_unlink(p->pack_name);
}

980
void git_packfile_free(struct git_pack_file *p)
981
{
982 983 984
	if (!p)
		return;

985
	cache_free(&p->bases);
986

987
	git_packfile_close(p, false);
988 989 990

	pack_index_free(p);

991
	git__free(p->bad_object_sha1);
992 993

	git_mutex_free(&p->lock);
994
	git_mutex_free(&p->bases.lock);
995
	git__free(p);
996 997 998 999 1000 1001 1002 1003 1004
}

static int packfile_open(struct git_pack_file *p)
{
	struct stat st;
	struct git_pack_header hdr;
	git_oid sha1;
	unsigned char *idx_sha1;

1005
	if (p->index_version == -1 && pack_index_open(p) < 0)
1006
		return git_odb__error_notfound("failed to open packfile", NULL, 0);
1007

1008 1009 1010 1011 1012 1013 1014 1015 1016
	/* if mwf opened by another thread, return now */
	if (git_mutex_lock(&p->lock) < 0)
		return packfile_error("failed to get lock for open");

	if (p->mwf.fd >= 0) {
		git_mutex_unlock(&p->lock);
		return 0;
	}

1017
	/* TODO: open with noatime */
1018
	p->mwf.fd = git_futils_open_ro(p->pack_name);
1019 1020
	if (p->mwf.fd < 0)
		goto cleanup;
1021

1022 1023 1024
	if (p_fstat(p->mwf.fd, &st) < 0 ||
		git_mwindow_file_register(&p->mwf) < 0)
		goto cleanup;
1025 1026 1027 1028 1029

	/* If we created the struct before we had the pack we lack size. */
	if (!p->mwf.size) {
		if (!S_ISREG(st.st_mode))
			goto cleanup;
1030
		p->mwf.size = (off64_t)st.st_size;
1031 1032 1033 1034 1035 1036 1037 1038 1039
	} else if (p->mwf.size != st.st_size)
		goto cleanup;

#if 0
	/* We leave these file descriptors open with sliding mmap;
	 * there is no point keeping them open across exec(), though.
	 */
	fd_flag = fcntl(p->mwf.fd, F_GETFD, 0);
	if (fd_flag < 0)
1040
		goto cleanup;
1041 1042 1043

	fd_flag |= FD_CLOEXEC;
	if (fcntl(p->pack_fd, F_SETFD, fd_flag) == -1)
1044
		goto cleanup;
1045 1046 1047
#endif

	/* Verify we recognize this pack file format. */
1048 1049 1050
	if (p_read(p->mwf.fd, &hdr, sizeof(hdr)) < 0 ||
		hdr.hdr_signature != htonl(PACK_SIGNATURE) ||
		!pack_version_ok(hdr.hdr_version))
1051 1052 1053
		goto cleanup;

	/* Verify the pack matches its index. */
1054 1055 1056
	if (p->num_objects != ntohl(hdr.hdr_entries) ||
		p_lseek(p->mwf.fd, p->mwf.size - GIT_OID_RAWSZ, SEEK_SET) == -1 ||
		p_read(p->mwf.fd, sha1.id, GIT_OID_RAWSZ) < 0)
1057 1058 1059 1060
		goto cleanup;

	idx_sha1 = ((unsigned char *)p->index_map.data) + p->index_map.len - 40;

1061 1062 1063 1064 1065
	if (git_oid__cmp(&sha1, (git_oid *)idx_sha1) != 0)
		goto cleanup;

	git_mutex_unlock(&p->lock);
	return 0;
1066 1067

cleanup:
1068
	git_error_set(GIT_ERROR_OS, "invalid packfile '%s'", p->pack_name);
1069

1070 1071
	if (p->mwf.fd >= 0)
		p_close(p->mwf.fd);
1072
	p->mwf.fd = -1;
1073 1074 1075

	git_mutex_unlock(&p->lock);

1076
	return -1;
1077 1078
}

1079 1080 1081 1082 1083 1084 1085 1086
int git_packfile__name(char **out, const char *path)
{
	size_t path_len;
	git_buf buf = GIT_BUF_INIT;

	path_len = strlen(path);

	if (path_len < strlen(".idx"))
1087
		return git_odb__error_notfound("invalid packfile path", NULL, 0);
1088 1089 1090 1091 1092 1093 1094 1095

	if (git_buf_printf(&buf, "%.*s.pack", (int)(path_len - strlen(".idx")), path) < 0)
		return -1;

	*out = git_buf_detach(&buf);
	return 0;
}

1096
int git_packfile_alloc(struct git_pack_file **pack_out, const char *path)
1097 1098 1099
{
	struct stat st;
	struct git_pack_file *p;
1100
	size_t path_len = path ? strlen(path) : 0, alloc_len;
1101 1102

	*pack_out = NULL;
1103

1104
	if (path_len < strlen(".idx"))
1105
		return git_odb__error_notfound("invalid packfile path", NULL, 0);
1106

1107 1108
	GIT_ERROR_CHECK_ALLOC_ADD(&alloc_len, sizeof(*p), path_len);
	GIT_ERROR_CHECK_ALLOC_ADD(&alloc_len, alloc_len, 2);
1109

1110
	p = git__calloc(1, alloc_len);
1111
	GIT_ERROR_CHECK_ALLOC(p);
1112

1113 1114
	memcpy(p->pack_name, path, path_len + 1);

1115 1116 1117 1118
	/*
	 * Make sure a corresponding .pack file exists and that
	 * the index looks sane.
	 */
1119 1120 1121
	if (git__suffixcmp(path, ".idx") == 0) {
		size_t root_len = path_len - strlen(".idx");

1122 1123 1124 1125 1126
		if (!git_disable_pack_keep_file_checks) {
			memcpy(p->pack_name + root_len, ".keep", sizeof(".keep"));
			if (git_path_exists(p->pack_name) == true)
				p->pack_keep = 1;
		}
1127

1128 1129
		memcpy(p->pack_name + root_len, ".pack", sizeof(".pack"));
	}
1130

1131
	if (p_stat(p->pack_name, &st) < 0 || !S_ISREG(st.st_mode)) {
1132
		git__free(p);
1133
		return git_odb__error_notfound("packfile not found", NULL, 0);
1134 1135 1136 1137 1138
	}

	/* ok, it looks sane as far as we can check without
	 * actually mapping the pack file.
	 */
1139
	p->mwf.fd = -1;
1140
	p->mwf.size = st.st_size;
1141 1142
	p->pack_local = 1;
	p->mtime = (git_time_t)st.st_mtime;
1143
	p->index_version = -1;
1144

Russell Belfer committed
1145
	if (git_mutex_init(&p->lock)) {
1146
		git_error_set(GIT_ERROR_OS, "failed to initialize packfile mutex");
Russell Belfer committed
1147 1148 1149
		git__free(p);
		return -1;
	}
1150

1151 1152 1153 1154 1155
	if (cache_init(&p->bases) < 0) {
		git__free(p);
		return -1;
	}

1156
	*pack_out = p;
1157 1158

	return 0;
1159 1160 1161 1162 1163 1164 1165 1166
}

/***********************************************************
 *
 * PACKFILE ENTRY SEARCH INTERNALS
 *
 ***********************************************************/

1167
static off64_t nth_packed_object_offset(const struct git_pack_file *p, uint32_t n)
1168 1169
{
	const unsigned char *index = p->index_map.data;
1170
	const unsigned char *end = index + p->index_map.len;
1171 1172 1173 1174 1175 1176 1177 1178 1179 1180
	index += 4 * 256;
	if (p->index_version == 1) {
		return ntohl(*((uint32_t *)(index + 24 * n)));
	} else {
		uint32_t off;
		index += 8 + p->num_objects * (20 + 4);
		off = ntohl(*((uint32_t *)(index + 4 * n)));
		if (!(off & 0x80000000))
			return off;
		index += p->num_objects * 4 + (off & 0x7fffffff) * 8;
1181 1182 1183 1184 1185

		/* Make sure we're not being sent out of bounds */
		if (index >= end - 8)
			return -1;

1186
		return (((uint64_t)ntohl(*((uint32_t *)(index + 0)))) << 32) |
Vicent Marti committed
1187
					ntohl(*((uint32_t *)(index + 4)));
1188 1189 1190
	}
}

1191 1192 1193 1194
static int git__memcmp4(const void *a, const void *b) {
	return memcmp(a, b, 4);
}

1195
int git_pack_foreach_entry(
1196
	struct git_pack_file *p,
1197
	git_odb_foreach_cb cb,
1198
	void *data)
1199 1200 1201
{
	const unsigned char *index = p->index_map.data, *current;
	uint32_t i;
1202
	int error = 0;
1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218

	if (index == NULL) {
		if ((error = pack_index_open(p)) < 0)
			return error;

		assert(p->index_map.data);

		index = p->index_map.data;
	}

	if (p->index_version > 1) {
		index += 8;
	}

	index += 4 * 256;

1219 1220
	if (p->oids == NULL) {
		git_vector offsets, oids;
1221

1222 1223 1224 1225 1226
		if ((error = git_vector_init(&oids, p->num_objects, NULL)))
			return error;

		if ((error = git_vector_init(&offsets, p->num_objects, git__memcmp4)))
			return error;
1227

1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241
		if (p->index_version > 1) {
			const unsigned char *off = index + 24 * p->num_objects;
			for (i = 0; i < p->num_objects; i++)
				git_vector_insert(&offsets, (void*)&off[4 * i]);
			git_vector_sort(&offsets);
			git_vector_foreach(&offsets, i, current)
				git_vector_insert(&oids, (void*)&index[5 * (current - off)]);
		} else {
			for (i = 0; i < p->num_objects; i++)
				git_vector_insert(&offsets, (void*)&index[24 * i]);
			git_vector_sort(&offsets);
			git_vector_foreach(&offsets, i, current)
				git_vector_insert(&oids, (void*)&current[4]);
		}
1242

1243
		git_vector_free(&offsets);
1244
		p->oids = (git_oid **)git_vector_detach(NULL, NULL, &oids);
1245 1246
	}

1247
	for (i = 0; i < p->num_objects; i++)
1248
		if ((error = cb(p->oids[i], data)) != 0)
1249
			return git_error_set_after_callback(error);
1250

1251
	return error;
1252 1253
}

1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274
static int sha1_position(const void *table, size_t stride, unsigned lo,
			 unsigned hi, const unsigned char *key)
{
	const unsigned char *base = table;

	while (lo < hi) {
		unsigned mi = (lo + hi) / 2;
		int cmp = git_oid__hashcmp(base + mi * stride, key);

		if (!cmp)
			return mi;

		if (cmp > 0)
			hi = mi;
		else
			lo = mi+1;
	}

	return -((int)lo)-1;
}

1275
static int pack_entry_find_offset(
1276
	off64_t *offset_out,
1277 1278 1279
	git_oid *found_oid,
	struct git_pack_file *p,
	const git_oid *short_oid,
1280
	size_t len)
1281
{
1282 1283
	const uint32_t *level1_ofs;
	const unsigned char *index;
1284 1285
	unsigned hi, lo, stride;
	int pos, found = 0;
1286
	off64_t offset;
1287 1288 1289 1290
	const unsigned char *current = 0;

	*offset_out = 0;

1291
	if (p->index_version == -1) {
1292
		int error;
1293

1294 1295 1296 1297
		if ((error = pack_index_open(p)) < 0)
			return error;
		assert(p->index_map.data);
	}
1298

1299 1300 1301
	index = p->index_map.data;
	level1_ofs = p->index_map.data;

1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322
	if (p->index_version > 1) {
		level1_ofs += 2;
		index += 8;
	}

	index += 4 * 256;
	hi = ntohl(level1_ofs[(int)short_oid->id[0]]);
	lo = ((short_oid->id[0] == 0x0) ? 0 : ntohl(level1_ofs[(int)short_oid->id[0] - 1]));

	if (p->index_version > 1) {
		stride = 20;
	} else {
		stride = 24;
		index += 4;
	}

#ifdef INDEX_DEBUG_LOOKUP
	printf("%02x%02x%02x... lo %u hi %u nr %d\n",
		short_oid->id[0], short_oid->id[1], short_oid->id[2], lo, hi, p->num_objects);
#endif

1323
	pos = sha1_position(index, stride, lo, hi, short_oid->id);
1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335

	if (pos >= 0) {
		/* An object matching exactly the oid was found */
		found = 1;
		current = index + pos * stride;
	} else {
		/* No object was found */
		/* pos refers to the object with the "closest" oid to short_oid */
		pos = - 1 - pos;
		if (pos < (int)p->num_objects) {
			current = index + pos * stride;

Russell Belfer committed
1336
			if (!git_oid_ncmp(short_oid, (const git_oid *)current, len))
1337 1338 1339 1340
				found = 1;
		}
	}

1341
	if (found && len != GIT_OID_HEXSZ && pos + 1 < (int)p->num_objects) {
1342 1343 1344 1345 1346 1347 1348 1349
		/* Check for ambiguousity */
		const unsigned char *next = current + stride;

		if (!git_oid_ncmp(short_oid, (const git_oid *)next, len)) {
			found = 2;
		}
	}

1350
	if (!found)
1351
		return git_odb__error_notfound("failed to find offset for pack entry", short_oid, len);
1352 1353
	if (found > 1)
		return git_odb__error_ambiguous("found multiple offsets for pack entry");
1354

1355
	if ((offset = nth_packed_object_offset(p, pos)) < 0) {
1356
		git_error_set(GIT_ERROR_ODB, "packfile index is corrupt");
1357 1358 1359 1360
		return -1;
	}

	*offset_out = offset;
1361
	git_oid_fromraw(found_oid, current);
1362 1363

#ifdef INDEX_DEBUG_LOOKUP
1364
	{
1365 1366 1367 1368 1369
		unsigned char hex_sha1[GIT_OID_HEXSZ + 1];
		git_oid_fmt(hex_sha1, found_oid);
		hex_sha1[GIT_OID_HEXSZ] = '\0';
		printf("found lo=%d %s\n", lo, hex_sha1);
	}
1370
#endif
1371

1372
	return 0;
1373 1374 1375 1376 1377 1378
}

int git_pack_entry_find(
		struct git_pack_entry *e,
		struct git_pack_file *p,
		const git_oid *short_oid,
1379
		size_t len)
1380
{
1381
	off64_t offset;
1382 1383 1384 1385 1386 1387 1388 1389
	git_oid found_oid;
	int error;

	assert(p);

	if (len == GIT_OID_HEXSZ && p->num_bad_objects) {
		unsigned i;
		for (i = 0; i < p->num_bad_objects; i++)
1390
			if (git_oid__cmp(short_oid, &p->bad_object_sha1[i]) == 0)
1391
				return packfile_error("bad object found in packfile");
1392 1393 1394
	}

	error = pack_entry_find_offset(&offset, &found_oid, p, short_oid, len);
1395 1396
	if (error < 0)
		return error;
1397 1398 1399 1400

	/* we found a unique entry in the index;
	 * make sure the packfile backing the index
	 * still exists on disk */
1401 1402
	if (p->mwf.fd == -1 && (error = packfile_open(p)) < 0)
		return error;
1403 1404 1405 1406 1407

	e->offset = offset;
	e->p = p;

	git_oid_cpy(&e->sha1, &found_oid);
1408
	return 0;
1409
}