Fossil SCM
Detect infinite loops in the DELTA table and abort out of content_get() when they are found. Fix an off-by-one error in the version-3 clone protocol. This error might cause an incomplete and corrupt clone if a transfer block fills up just before sending the very last blob. Backport of fixes from [2012-08-23 23:15:36]
Commit
99053ab14108599b4a89cacb47530e44b779004c
Parent
76c6f8fcb8a9862…
2 files changed
+3
+1
-1
+3
| --- src/content.c | ||
| +++ src/content.c | ||
| @@ -269,10 +269,13 @@ | ||
| 269 | 269 | n = 1; |
| 270 | 270 | while( !bag_find(&contentCache.inCache, nextRid) |
| 271 | 271 | && (nextRid = findSrcid(nextRid))>0 ){ |
| 272 | 272 | n++; |
| 273 | 273 | if( n>=nAlloc ){ |
| 274 | + if( n>db_int(0, "SELECT max(rid) FROM blob") ){ | |
| 275 | + fossil_panic("infinite loop in DELTA table"); | |
| 276 | + } | |
| 274 | 277 | nAlloc = nAlloc*2 + 10; |
| 275 | 278 | a = fossil_realloc(a, nAlloc*sizeof(a[0])); |
| 276 | 279 | } |
| 277 | 280 | a[n] = nextRid; |
| 278 | 281 | } |
| 279 | 282 |
| --- src/content.c | |
| +++ src/content.c | |
| @@ -269,10 +269,13 @@ | |
| 269 | n = 1; |
| 270 | while( !bag_find(&contentCache.inCache, nextRid) |
| 271 | && (nextRid = findSrcid(nextRid))>0 ){ |
| 272 | n++; |
| 273 | if( n>=nAlloc ){ |
| 274 | nAlloc = nAlloc*2 + 10; |
| 275 | a = fossil_realloc(a, nAlloc*sizeof(a[0])); |
| 276 | } |
| 277 | a[n] = nextRid; |
| 278 | } |
| 279 |
| --- src/content.c | |
| +++ src/content.c | |
| @@ -269,10 +269,13 @@ | |
| 269 | n = 1; |
| 270 | while( !bag_find(&contentCache.inCache, nextRid) |
| 271 | && (nextRid = findSrcid(nextRid))>0 ){ |
| 272 | n++; |
| 273 | if( n>=nAlloc ){ |
| 274 | if( n>db_int(0, "SELECT max(rid) FROM blob") ){ |
| 275 | fossil_panic("infinite loop in DELTA table"); |
| 276 | } |
| 277 | nAlloc = nAlloc*2 + 10; |
| 278 | a = fossil_realloc(a, nAlloc*sizeof(a[0])); |
| 279 | } |
| 280 | a[n] = nextRid; |
| 281 | } |
| 282 |
+1
-1
| --- src/xfer.c | ||
| +++ src/xfer.c | ||
| @@ -994,11 +994,11 @@ | ||
| 994 | 994 | }else{ |
| 995 | 995 | send_file(&xfer, seqno, 0, 1); |
| 996 | 996 | } |
| 997 | 997 | seqno++; |
| 998 | 998 | } |
| 999 | - if( seqno>=max ) seqno = 0; | |
| 999 | + if( seqno>max ) seqno = 0; | |
| 1000 | 1000 | @ clone_seqno %d(seqno) |
| 1001 | 1001 | }else{ |
| 1002 | 1002 | isClone = 1; |
| 1003 | 1003 | isPull = 1; |
| 1004 | 1004 | deltaFlag = 1; |
| 1005 | 1005 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -994,11 +994,11 @@ | |
| 994 | }else{ |
| 995 | send_file(&xfer, seqno, 0, 1); |
| 996 | } |
| 997 | seqno++; |
| 998 | } |
| 999 | if( seqno>=max ) seqno = 0; |
| 1000 | @ clone_seqno %d(seqno) |
| 1001 | }else{ |
| 1002 | isClone = 1; |
| 1003 | isPull = 1; |
| 1004 | deltaFlag = 1; |
| 1005 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -994,11 +994,11 @@ | |
| 994 | }else{ |
| 995 | send_file(&xfer, seqno, 0, 1); |
| 996 | } |
| 997 | seqno++; |
| 998 | } |
| 999 | if( seqno>max ) seqno = 0; |
| 1000 | @ clone_seqno %d(seqno) |
| 1001 | }else{ |
| 1002 | isClone = 1; |
| 1003 | isPull = 1; |
| 1004 | deltaFlag = 1; |
| 1005 |