Bus error 10: in pack_entry_find_offset
ConradIrwin opened this issue
Reproduction steps
- (probably) Opening a corrupt git repository.
- We use libgit2 at Zed and our telemetry has identified a few crashes like this every week.
- We haven't been able to reproduce the bug ourselves yet:
Bus error: 10 on thread 708354 ( com.apple.root.user-initiated-qos)
pack_entry_find_offset (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 112
git_pack_entry_find (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 144
pack_entry_find (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 176
pack_backend__read (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 72
odb_read_1 (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 436
git_odb_read (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 276
git_object_lookup_prefix (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 428
tree_iterator_frame_push (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 64
tree_iterator_advance (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 488
iterator_advance (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 60
git_diff__from_iterators (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 1984
git_diff_tree_to_index (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 376
git_status_list_new (in Zed-0.131.4-aarch64-apple-darwin.dwarf) + 692
/Users/administrator/.cargo/registry/src/index.crates.io-6f17d22bba15001f/git2-0.15.0/src/call.rs:42: git2::call::c_try
/Users/administrator/.cargo/registry/src/index.crates.io-6f17d22bba15001f/git2-0.15.0/src/repo.rs:924: <git2::repo::Repository>::statuses
crates/fs/src/repository.rs:139: <fs::repository::RealGitRepository as fs::repository::GitRepository>::staged_statuses
Expected behavior
- libgit2 should not issue an out-of-bounds memory read.
Actual behavior
- There seems to be a missing bounds check in pack_entry_find_offset, causing a bus error when reading from the pack data here: Line 1531 in a418d9d
Version of libgit2 (release number or SHA1)
- v1.5.1 (via rust libgit2-sys 0.14.2)
Operating system(s) tested
- macOS
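
The kind of bounds check the report asks for, shown as an added example that is not libgit2's code and not its fix: before any lookup trusts a pack index's fanout table, confirm that the tables it implies fit inside the mapped file. It assumes the version 2 .idx layout with SHA-1 object ids, and that the index is the file being read (the report does not say which read faults); `idx_validate`, `make_sample` and the `sample` buffer are hypothetical names, and the sample data is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Pack index v2: 8-byte header, 256-entry fanout, then per object a 20-byte
 * SHA-1, 4-byte CRC and 4-byte offset, then two 20-byte checksums. */
enum { IDX_HDR = 8, IDX_FANOUT = 256 * 4, IDX_PER_OBJ = 20 + 4 + 4, IDX_TRAILER = 40 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: returns the object count, or -1 if the header is wrong
 * or the tables the fanout implies would extend past the mapped length. */
int64_t idx_validate(const unsigned char *map, size_t len)
{
    static const unsigned char magic[4] = { 0xff, 't', 'O', 'c' };
    uint32_t prev = 0;
    if (len < (size_t)(IDX_HDR + IDX_FANOUT + IDX_TRAILER)) return -1;
    if (memcmp(map, magic, 4) != 0 || be32(map + 4) != 2) return -1;
    for (int i = 0; i < 256; i++) {      /* fanout counts never decrease */
        uint32_t n = be32(map + IDX_HDR + 4 * i);
        if (n < prev) return -1;
        prev = n;
    }
    /* 64-bit arithmetic so a huge claimed count cannot wrap the size check */
    if ((uint64_t)IDX_HDR + IDX_FANOUT + (uint64_t)prev * IDX_PER_OBJ + IDX_TRAILER > len)
        return -1;
    return (int64_t)prev;
}

/* Constructed sample: an index sized for one object whose fanout claims `claimed`. */
static unsigned char sample[IDX_HDR + IDX_FANOUT + IDX_PER_OBJ + IDX_TRAILER];
size_t make_sample(uint32_t claimed)
{
    memset(sample, 0, sizeof sample);
    memcpy(sample, "\377tOc\0\0\0\2", 8);
    for (int i = 0; i < 256; i++) {      /* the one object id starts with 0x00 */
        unsigned char *f = sample + IDX_HDR + 4 * i;
        f[0] = claimed >> 24; f[1] = claimed >> 16; f[2] = claimed >> 8; f[3] = claimed;
    }
    return sizeof sample;
}

int main(void)
{
    /* exit 0 when the honest index is accepted and the inflated one rejected */
    return idx_validate(sample, make_sample(1)) == 1 && idx_validate(sample, make_sample(1000)) == -1 ? 0 : 1;
}
```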