repack: check error writing to pack-objects subprocess

gitster · gitster · commit 4c9355ff48a3 · 2024-03-02T11:12:16.000-08:00
When "git repack" repacks promisor objects, it starts a pack-objects
subprocess and uses xwrite() to send object names over the pipe to
it, but without any error checking.  An I/O error or short write
(even though a short write is unlikely for such a small amount of
data) can result in a packfile that lacks certain objects we wanted
to put in there, leading to a silent repository corruption.

Use write_in_full(), instead of xwrite(), to mitigate short write
risks, check errors from it, and abort if we see a failure.

Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/builtin/repack.c b/builtin/repack.c
@@ -314,8 +314,9 @@ static int write_oid(const struct object_id *oid,
 			die(_("could not start pack-objects to repack promisor objects"));
 	}
 
-	xwrite(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz);
-	xwrite(cmd->in, "\n", 1);
+	if (write_in_full(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz) < 0 ||
+	    write_in_full(cmd->in, "\n", 1) < 0)
+		die(_("failed to feed promisor objects to pack-objects"));
 	return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -314,8 +314,9 @@ static int write_oid(const struct object_id *oid,`
`314`	`314`	`die(_("could not start pack-objects to repack promisor objects"));`
`315`	`315`	`}`
`316`	`316`
`317`		`- xwrite(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz);`
`318`		`- xwrite(cmd->in, "\n", 1);`
	`317`	`+ if (write_in_full(cmd->in, oid_to_hex(oid), the_hash_algo->hexsz) < 0 \|\|`
	`318`	`+ write_in_full(cmd->in, "\n", 1) < 0)`
	`319`	`+ die(_("failed to feed promisor objects to pack-objects"));`
`319`	`320`	`return 0;`
`320`	`321`	`}`
`321`	`322`