Bus error 10: in pack_entry_find_offset · Issue #6795 · libgit2/libgit2 · GitHub

Closed
ConradIrwin opened this issue Apr 15, 2024 · 0 comments · Fixed by zed-industries/zed#10561 or #6796

Reproduction steps

  • (probably) Opening a corrupt git repository.
  • We use libgit2 at Zed and our telemetry has identified a few crashes like this every week.
  • We haven't been able to reproduce the bug ourselves yet:
Bus error: 10 on thread 708354 ( com.apple.root.user-initiated-qos)
pack_entry_find_offset (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 112
git_pack_entry_find (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 144
pack_entry_find (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 176
pack_backend__read (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 72
odb_read_1 (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 436
git_odb_read (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 276
git_object_lookup_prefix (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 428
tree_iterator_frame_push (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 64
tree_iterator_advance (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 488
iterator_advance (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 60
git_diff__from_iterators (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 1984
git_diff_tree_to_index (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 376
git_status_list_new (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 692
/Users/administrator/.cargo/registry/src/index.crates.io-6f17d22bba15001f/git2-0.15.0/src/call.rs:42:	git2::call::c_try
/Users/administrator/.cargo/registry/src/index.crates.io-6f17d22bba15001f/git2-0.15.0/src/repo.rs:924:	<git2::repo::Repository>::statuses
crates/fs/src/repository.rs:139:	<fs::repository::RealGitRepository as fs::repository::GitRepository>::staged_statuses

Expected behavior

  • libgit2 should not issue an out-of-bounds memory read.

Actual behavior

  • There seems to be a missing bounds check in pack_entry_find_offset, causing a bus error when reading from the pack data here:
    hi = ntohl(level1_ofs[(int)short_oid->id[0]]);

Version of libgit2 (release number or SHA1)

  • v1.5.1 (via rust libgit2-sys 0.14.2)

Operating system(s) tested

  • macOS
ConradIrwin added a commit to zed-industries/zed that referenced this issue Apr 15, 2024
Although this probably doesn't fix anything by itself, it'll make it
easier to fix libgit2/libgit2#6795
ConradIrwin added a commit to ConradIrwin/libgit2 that referenced this issue Apr 15, 2024
Fixes: libgit2#6795

Co-Authored-By: Bennet <bennetbo@gmx.de>
ConradIrwin added a commit to zed-industries/zed that referenced this issue Apr 15, 2024
Although this probably doesn't fix anything by itself, it'll make it
easier to fix libgit2/libgit2#6795

Release Notes:

- N/A
ConradIrwin reopened this Apr 16, 2024
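
The kind of bounds check the report describes as missing, shown as an added example (not libgit2's code and not the fix that was merged): before indexing the fanout table the way `level1_ofs[(int)short_oid->id[0]]` does, confirm that the buffer actually holds the table and that its counts are consistent. It assumes the version 2 pack index layout with 20-byte SHA-1 ids; `idx_fanout_range` and `make_sample_idx` are hypothetical names, and the sample index is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IDX_HEADER_LEN 8u           /* "\377tOc" magic + 32-bit version */
#define IDX_FANOUT_LEN (256u * 4u)  /* 256 cumulative big-endian counts */

/* Read a big-endian 32-bit value byte by byte (no alignment assumption). */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper, not a libgit2 function: bounds of the id-table slice
 * for ids starting with `first`. Returns 0, or -1 if the index is unusable. */
int idx_fanout_range(const unsigned char *idx, size_t len,
                     unsigned char first, uint32_t *lo, uint32_t *hi)
{
    const unsigned char *fanout;
    uint32_t total;
    /* Header and the whole fanout table must lie inside the buffer. */
    if (len < IDX_HEADER_LEN + IDX_FANOUT_LEN)
        return -1;
    if (memcmp(idx, "\377tOc", 4) != 0 || be32(idx + 4) != 2)
        return -1;
    fanout = idx + IDX_HEADER_LEN;
    *hi = be32(fanout + 4u * first);
    *lo = first ? be32(fanout + 4u * (first - 1u)) : 0;
    total = be32(fanout + 4u * 255u);
    /* Counts are cumulative, so lo <= hi <= total in a sane index. */
    if (*lo > *hi || *hi > total)
        return -1;
    /* The table of 20-byte SHA-1 ids must fit in the buffer as well. */
    return total > (len - IDX_HEADER_LEN - IDX_FANOUT_LEN) / 20u ? -1 : 0;
}

/* Constructed sample: v2 header, fanout and one id starting with 0x42. */
size_t make_sample_idx(unsigned char *buf)
{
    size_t n = IDX_HEADER_LEN + IDX_FANOUT_LEN + 20u, i;
    memset(buf, 0, n);
    memcpy(buf, "\377tOc\0\0\0\2", 8);
    for (i = 0x42; i < 256; i++)
        buf[IDX_HEADER_LEN + 4u * i + 3u] = 1;
    buf[IDX_HEADER_LEN + IDX_FANOUT_LEN] = 0x42;
    return n;
}
```

A truncated buffer, a non-monotonic fanout, or a count larger than the id table that follows all return -1 instead of being dereferenced.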