Message ID | 20240302190348.3946569-4-gitster@pobox.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 4c9355ff48a33eb60a4f2a51f08939320cf3f2d3 |
Series | Auditing use of xwrite() |
diff --git a/builtin/repack.c b/builtin/repack.c index ede36328a3..15e4cccc45 100644 --- a/builtin/repack.c +++ b/builtin/repack.c @@ -314,8 +314,9 @@ static int write_oid(const struct object_id *oid, die(_("could not start pack-objects to repack promisor objects")); } - xwrite(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz); - xwrite(cmd->in, "\n", 1); + if (write_in_full(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz) < 0 || + write_in_full(cmd->in, "\n", 1) < 0) + die(_("failed to feed promisor objects to pack-objects")); return 0; }
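Review bot: the new die() in write_oid() discards errno, so a failed write is reported only as "failed to feed promisor objects to pack-objects" with no cause. write_in_full() returns a negative value with errno set on error, so die_errno() with the same message would tell the user whether the pipe was closed by pack-objects or the write failed for another reason, which matters when diagnosing a repack that aborted partway.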
When "git repack" repacks promisor objects, it starts a pack-objects subprocess and uses xwrite() to send object names over the pipe to it, but without any error checking. An I/O error or short write (even though a short write is unlikely for such a small amount of data) can result in a packfile that lacks certain objects we wanted to put in there, leading to a silent repository corruption.

Use write_in_full(), instead of xwrite(), to mitigate short write risks, check errors from it, and abort if we see a failure.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 builtin/repack.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
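The failure mode described in the commit message, as an added C example that is neither git's code nor part of the patch. It assumes a hypothetical `short_write()` that accepts at most 3 bytes per call, a generic `write_all()` retry loop illustrating the idea behind write_in_full() (not git's implementation), and a constructed object name.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
/* Constructed sample: a 40-hex-digit object name plus newline (41 bytes). */
#define SAMPLE_LINE "0123456789abcdef0123456789abcdef01234567\n"

/* Hypothetical writer: accepts at most 3 bytes per call to force short writes. */
static ssize_t short_write(int fd, const void *buf, size_t len)
{
	return write(fd, buf, len > 3 ? 3 : len);
}

/* Call wr() until all of buf is written; return -1 on a real error. */
static ssize_t write_all(ssize_t (*wr)(int, const void *, size_t),
			 int fd, const void *buf, size_t len)
{
	const char *p = buf;
	size_t left = len;
	while (left > 0) {
		ssize_t n = wr(fd, p, left);
		if (n < 0 && errno == EINTR) continue;	/* interrupted: retry */
		if (n == 0) errno = ENOSPC;	/* no progress: report as an error */
		if (n <= 0) return -1;
		p += n;
		left -= (size_t)n;
	}
	return (ssize_t)len;
}

/* Send SAMPLE_LINE through a pipe; return how many bytes the reader receives. */
static ssize_t bytes_delivered(int use_loop)
{
	int fds[2];
	char got[128];
	ssize_t n = 0;
	if (pipe(fds) < 0) return -1;
	if (use_loop)
		n = write_all(short_write, fds[1], SAMPLE_LINE, sizeof(SAMPLE_LINE) - 1);
	else	/* single call, return value ignored */
		(void)short_write(fds[1], SAMPLE_LINE, sizeof(SAMPLE_LINE) - 1);
	close(fds[1]);
	if (n >= 0) n = read(fds[0], got, sizeof(got));
	close(fds[0]);
	return n;
}

int main(void)
{
	printf("unchecked: %zd, write-all loop: %zd\n", bytes_delivered(0), bytes_delivered(1));
	return 0;
}
```

With the unchecked single call the reader sees a truncated object name and the writer never learns of it; the loop either delivers the full line or returns -1 for the caller to act on.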