Merge branch 'rs/avoid-overflow-in-midpoint-computation'
[git] / packfile.c
1 #include "cache.h"
2 #include "list.h"
3 #include "pack.h"
4 #include "repository.h"
5 #include "dir.h"
6 #include "mergesort.h"
7 #include "packfile.h"
8 #include "delta.h"
9 #include "list.h"
10 #include "streaming.h"
11 #include "sha1-lookup.h"
12 #include "commit.h"
13 #include "object.h"
14 #include "tag.h"
15 #include "tree-walk.h"
16 #include "tree.h"
17 #include "object-store.h"
18 #include "midx.h"
19 #include "commit-graph.h"
20
21 char *odb_pack_name(struct strbuf *buf,
22                     const unsigned char *sha1,
23                     const char *ext)
24 {
25         strbuf_reset(buf);
26         strbuf_addf(buf, "%s/pack/pack-%s.%s", get_object_directory(),
27                     sha1_to_hex(sha1), ext);
28         return buf->buf;
29 }
30
31 char *sha1_pack_name(const unsigned char *sha1)
32 {
33         static struct strbuf buf = STRBUF_INIT;
34         return odb_pack_name(&buf, sha1, "pack");
35 }
36
37 char *sha1_pack_index_name(const unsigned char *sha1)
38 {
39         static struct strbuf buf = STRBUF_INIT;
40         return odb_pack_name(&buf, sha1, "idx");
41 }
42
43 static unsigned int pack_used_ctr;
44 static unsigned int pack_mmap_calls;
45 static unsigned int peak_pack_open_windows;
46 static unsigned int pack_open_windows;
47 static unsigned int pack_open_fds;
48 static unsigned int pack_max_fds;
49 static size_t peak_pack_mapped;
50 static size_t pack_mapped;
51
52 #define SZ_FMT PRIuMAX
53 static inline uintmax_t sz_fmt(size_t s) { return s; }
54
55 void pack_report(void)
56 {
57         fprintf(stderr,
58                 "pack_report: getpagesize()            = %10" SZ_FMT "\n"
59                 "pack_report: core.packedGitWindowSize = %10" SZ_FMT "\n"
60                 "pack_report: core.packedGitLimit      = %10" SZ_FMT "\n",
61                 sz_fmt(getpagesize()),
62                 sz_fmt(packed_git_window_size),
63                 sz_fmt(packed_git_limit));
64         fprintf(stderr,
65                 "pack_report: pack_used_ctr            = %10u\n"
66                 "pack_report: pack_mmap_calls          = %10u\n"
67                 "pack_report: pack_open_windows        = %10u / %10u\n"
68                 "pack_report: pack_mapped              = "
69                         "%10" SZ_FMT " / %10" SZ_FMT "\n",
70                 pack_used_ctr,
71                 pack_mmap_calls,
72                 pack_open_windows, peak_pack_open_windows,
73                 sz_fmt(pack_mapped), sz_fmt(peak_pack_mapped));
74 }
75
76 /*
77  * Open and mmap the index file at path, perform a couple of
78  * consistency checks, then record its information to p.  Return 0 on
79  * success.
80  */
81 static int check_packed_git_idx(const char *path, struct packed_git *p)
82 {
83         void *idx_map;
84         size_t idx_size;
85         int fd = git_open(path), ret;
86         struct stat st;
87         const unsigned int hashsz = the_hash_algo->rawsz;
88
89         if (fd < 0)
90                 return -1;
91         if (fstat(fd, &st)) {
92                 close(fd);
93                 return -1;
94         }
95         idx_size = xsize_t(st.st_size);
96         if (idx_size < 4 * 256 + hashsz + hashsz) {
97                 close(fd);
98                 return error("index file %s is too small", path);
99         }
100         idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
101         close(fd);
102
103         ret = load_idx(path, hashsz, idx_map, idx_size, p);
104
105         if (ret)
106                 munmap(idx_map, idx_size);
107
108         return ret;
109 }
110
111 int load_idx(const char *path, const unsigned int hashsz, void *idx_map,
112              size_t idx_size, struct packed_git *p)
113 {
114         struct pack_idx_header *hdr = idx_map;
115         uint32_t version, nr, i, *index;
116
117         if (idx_size < 4 * 256 + hashsz + hashsz)
118                 return error("index file %s is too small", path);
119         if (idx_map == NULL)
120                 return error("empty data");
121
122         if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) {
123                 version = ntohl(hdr->idx_version);
124                 if (version < 2 || version > 2)
125                         return error("index file %s is version %"PRIu32
126                                      " and is not supported by this binary"
127                                      " (try upgrading GIT to a newer version)",
128                                      path, version);
129         } else
130                 version = 1;
131
132         nr = 0;
133         index = idx_map;
134         if (version > 1)
135                 index += 2;  /* skip index header */
136         for (i = 0; i < 256; i++) {
137                 uint32_t n = ntohl(index[i]);
138                 if (n < nr)
139                         return error("non-monotonic index %s", path);
140                 nr = n;
141         }
142
143         if (version == 1) {
144                 /*
145                  * Total size:
146                  *  - 256 index entries 4 bytes each
147                  *  - 24-byte entries * nr (object ID + 4-byte offset)
148                  *  - hash of the packfile
149                  *  - file checksum
150                  */
151                 if (idx_size != 4 * 256 + nr * (hashsz + 4) + hashsz + hashsz)
152                         return error("wrong index v1 file size in %s", path);
153         } else if (version == 2) {
154                 /*
155                  * Minimum size:
156                  *  - 8 bytes of header
157                  *  - 256 index entries 4 bytes each
158                  *  - object ID entry * nr
159                  *  - 4-byte crc entry * nr
160                  *  - 4-byte offset entry * nr
161                  *  - hash of the packfile
162                  *  - file checksum
163                  * And after the 4-byte offset table might be a
164                  * variable sized table containing 8-byte entries
165                  * for offsets larger than 2^31.
166                  */
167                 unsigned long min_size = 8 + 4*256 + nr*(hashsz + 4 + 4) + hashsz + hashsz;
168                 unsigned long max_size = min_size;
169                 if (nr)
170                         max_size += (nr - 1)*8;
171                 if (idx_size < min_size || idx_size > max_size)
172                         return error("wrong index v2 file size in %s", path);
173                 if (idx_size != min_size &&
174                     /*
175                      * make sure we can deal with large pack offsets.
176                      * 31-bit signed offset won't be enough, neither
177                      * 32-bit unsigned one will be.
178                      */
179                     (sizeof(off_t) <= 4))
180                         return error("pack too large for current definition of off_t in %s", path);
181         }
182
183         p->index_version = version;
184         p->index_data = idx_map;
185         p->index_size = idx_size;
186         p->num_objects = nr;
187         return 0;
188 }
189
190 int open_pack_index(struct packed_git *p)
191 {
192         char *idx_name;
193         size_t len;
194         int ret;
195
196         if (p->index_data)
197                 return 0;
198
199         if (!strip_suffix(p->pack_name, ".pack", &len))
200                 BUG("pack_name does not end in .pack");
201         idx_name = xstrfmt("%.*s.idx", (int)len, p->pack_name);
202         ret = check_packed_git_idx(idx_name, p);
203         free(idx_name);
204         return ret;
205 }
206
207 uint32_t get_pack_fanout(struct packed_git *p, uint32_t value)
208 {
209         const uint32_t *level1_ofs = p->index_data;
210
211         if (!level1_ofs) {
212                 if (open_pack_index(p))
213                         return 0;
214                 level1_ofs = p->index_data;
215         }
216
217         if (p->index_version > 1) {
218                 level1_ofs += 2;
219         }
220
221         return ntohl(level1_ofs[value]);
222 }
223
224 static struct packed_git *alloc_packed_git(int extra)
225 {
226         struct packed_git *p = xmalloc(st_add(sizeof(*p), extra));
227         memset(p, 0, sizeof(*p));
228         p->pack_fd = -1;
229         return p;
230 }
231
232 struct packed_git *parse_pack_index(unsigned char *sha1, const char *idx_path)
233 {
234         const char *path = sha1_pack_name(sha1);
235         size_t alloc = st_add(strlen(path), 1);
236         struct packed_git *p = alloc_packed_git(alloc);
237
238         memcpy(p->pack_name, path, alloc); /* includes NUL */
239         hashcpy(p->hash, sha1);
240         if (check_packed_git_idx(idx_path, p)) {
241                 free(p);
242                 return NULL;
243         }
244
245         return p;
246 }
247
248 static void scan_windows(struct packed_git *p,
249         struct packed_git **lru_p,
250         struct pack_window **lru_w,
251         struct pack_window **lru_l)
252 {
253         struct pack_window *w, *w_l;
254
255         for (w_l = NULL, w = p->windows; w; w = w->next) {
256                 if (!w->inuse_cnt) {
257                         if (!*lru_w || w->last_used < (*lru_w)->last_used) {
258                                 *lru_p = p;
259                                 *lru_w = w;
260                                 *lru_l = w_l;
261                         }
262                 }
263                 w_l = w;
264         }
265 }
266
267 static int unuse_one_window(struct packed_git *current)
268 {
269         struct packed_git *p, *lru_p = NULL;
270         struct pack_window *lru_w = NULL, *lru_l = NULL;
271
272         if (current)
273                 scan_windows(current, &lru_p, &lru_w, &lru_l);
274         for (p = the_repository->objects->packed_git; p; p = p->next)
275                 scan_windows(p, &lru_p, &lru_w, &lru_l);
276         if (lru_p) {
277                 munmap(lru_w->base, lru_w->len);
278                 pack_mapped -= lru_w->len;
279                 if (lru_l)
280                         lru_l->next = lru_w->next;
281                 else
282                         lru_p->windows = lru_w->next;
283                 free(lru_w);
284                 pack_open_windows--;
285                 return 1;
286         }
287         return 0;
288 }
289
290 void release_pack_memory(size_t need)
291 {
292         size_t cur = pack_mapped;
293         while (need >= (cur - pack_mapped) && unuse_one_window(NULL))
294                 ; /* nothing */
295 }
296
297 void close_pack_windows(struct packed_git *p)
298 {
299         while (p->windows) {
300                 struct pack_window *w = p->windows;
301
302                 if (w->inuse_cnt)
303                         die("pack '%s' still has open windows to it",
304                             p->pack_name);
305                 munmap(w->base, w->len);
306                 pack_mapped -= w->len;
307                 pack_open_windows--;
308                 p->windows = w->next;
309                 free(w);
310         }
311 }
312
313 int close_pack_fd(struct packed_git *p)
314 {
315         if (p->pack_fd < 0)
316                 return 0;
317
318         close(p->pack_fd);
319         pack_open_fds--;
320         p->pack_fd = -1;
321
322         return 1;
323 }
324
325 void close_pack_index(struct packed_git *p)
326 {
327         if (p->index_data) {
328                 munmap((void *)p->index_data, p->index_size);
329                 p->index_data = NULL;
330         }
331 }
332
333 void close_pack(struct packed_git *p)
334 {
335         close_pack_windows(p);
336         close_pack_fd(p);
337         close_pack_index(p);
338 }
339
340 void close_object_store(struct raw_object_store *o)
341 {
342         struct packed_git *p;
343
344         for (p = o->packed_git; p; p = p->next)
345                 if (p->do_not_close)
346                         BUG("want to close pack marked 'do-not-close'");
347                 else
348                         close_pack(p);
349
350         if (o->multi_pack_index) {
351                 close_midx(o->multi_pack_index);
352                 o->multi_pack_index = NULL;
353         }
354
355         close_commit_graph(o);
356 }
357
358 /*
359  * The LRU pack is the one with the oldest MRU window, preferring packs
360  * with no used windows, or the oldest mtime if it has no windows allocated.
361  */
362 static void find_lru_pack(struct packed_git *p, struct packed_git **lru_p, struct pack_window **mru_w, int *accept_windows_inuse)
363 {
364         struct pack_window *w, *this_mru_w;
365         int has_windows_inuse = 0;
366
367         /*
368          * Reject this pack if it has windows and the previously selected
369          * one does not.  If this pack does not have windows, reject
370          * it if the pack file is newer than the previously selected one.
371          */
372         if (*lru_p && !*mru_w && (p->windows || p->mtime > (*lru_p)->mtime))
373                 return;
374
375         for (w = this_mru_w = p->windows; w; w = w->next) {
376                 /*
377                  * Reject this pack if any of its windows are in use,
378                  * but the previously selected pack did not have any
379                  * inuse windows.  Otherwise, record that this pack
380                  * has windows in use.
381                  */
382                 if (w->inuse_cnt) {
383                         if (*accept_windows_inuse)
384                                 has_windows_inuse = 1;
385                         else
386                                 return;
387                 }
388
389                 if (w->last_used > this_mru_w->last_used)
390                         this_mru_w = w;
391
392                 /*
393                  * Reject this pack if it has windows that have been
394                  * used more recently than the previously selected pack.
395                  * If the previously selected pack had windows inuse and
396                  * we have not encountered a window in this pack that is
397                  * inuse, skip this check since we prefer a pack with no
398                  * inuse windows to one that has inuse windows.
399                  */
400                 if (*mru_w && *accept_windows_inuse == has_windows_inuse &&
401                     this_mru_w->last_used > (*mru_w)->last_used)
402                         return;
403         }
404
405         /*
406          * Select this pack.
407          */
408         *mru_w = this_mru_w;
409         *lru_p = p;
410         *accept_windows_inuse = has_windows_inuse;
411 }
412
413 static int close_one_pack(void)
414 {
415         struct packed_git *p, *lru_p = NULL;
416         struct pack_window *mru_w = NULL;
417         int accept_windows_inuse = 1;
418
419         for (p = the_repository->objects->packed_git; p; p = p->next) {
420                 if (p->pack_fd == -1)
421                         continue;
422                 find_lru_pack(p, &lru_p, &mru_w, &accept_windows_inuse);
423         }
424
425         if (lru_p)
426                 return close_pack_fd(lru_p);
427
428         return 0;
429 }
430
431 static unsigned int get_max_fd_limit(void)
432 {
433 #ifdef RLIMIT_NOFILE
434         {
435                 struct rlimit lim;
436
437                 if (!getrlimit(RLIMIT_NOFILE, &lim))
438                         return lim.rlim_cur;
439         }
440 #endif
441
442 #ifdef _SC_OPEN_MAX
443         {
444                 long open_max = sysconf(_SC_OPEN_MAX);
445                 if (0 < open_max)
446                         return open_max;
447                 /*
448                  * Otherwise, we got -1 for one of the two
449                  * reasons:
450                  *
451                  * (1) sysconf() did not understand _SC_OPEN_MAX
452                  *     and signaled an error with -1; or
453                  * (2) sysconf() said there is no limit.
454                  *
455                  * We _could_ clear errno before calling sysconf() to
456                  * tell these two cases apart and return a huge number
457                  * in the latter case to let the caller cap it to a
458                  * value that is not so selfish, but letting the
459                  * fallback OPEN_MAX codepath take care of these cases
460                  * is a lot simpler.
461                  */
462         }
463 #endif
464
465 #ifdef OPEN_MAX
466         return OPEN_MAX;
467 #else
468         return 1; /* see the caller ;-) */
469 #endif
470 }
471
472 const char *pack_basename(struct packed_git *p)
473 {
474         const char *ret = strrchr(p->pack_name, '/');
475         if (ret)
476                 ret = ret + 1; /* skip past slash */
477         else
478                 ret = p->pack_name; /* we only have a base */
479         return ret;
480 }
481
482 /*
483  * Do not call this directly as this leaks p->pack_fd on error return;
484  * call open_packed_git() instead.
485  */
486 static int open_packed_git_1(struct packed_git *p)
487 {
488         struct stat st;
489         struct pack_header hdr;
490         unsigned char hash[GIT_MAX_RAWSZ];
491         unsigned char *idx_hash;
492         long fd_flag;
493         ssize_t read_result;
494         const unsigned hashsz = the_hash_algo->rawsz;
495
496         if (!p->index_data) {
497                 struct multi_pack_index *m;
498                 const char *pack_name = pack_basename(p);
499
500                 for (m = the_repository->objects->multi_pack_index;
501                      m; m = m->next) {
502                         if (midx_contains_pack(m, pack_name))
503                                 break;
504                 }
505
506                 if (!m && open_pack_index(p))
507                         return error("packfile %s index unavailable", p->pack_name);
508         }
509
510         if (!pack_max_fds) {
511                 unsigned int max_fds = get_max_fd_limit();
512
513                 /* Save 3 for stdin/stdout/stderr, 22 for work */
514                 if (25 < max_fds)
515                         pack_max_fds = max_fds - 25;
516                 else
517                         pack_max_fds = 1;
518         }
519
520         while (pack_max_fds <= pack_open_fds && close_one_pack())
521                 ; /* nothing */
522
523         p->pack_fd = git_open(p->pack_name);
524         if (p->pack_fd < 0 || fstat(p->pack_fd, &st))
525                 return -1;
526         pack_open_fds++;
527
528         /* If we created the struct before we had the pack we lack size. */
529         if (!p->pack_size) {
530                 if (!S_ISREG(st.st_mode))
531                         return error("packfile %s not a regular file", p->pack_name);
532                 p->pack_size = st.st_size;
533         } else if (p->pack_size != st.st_size)
534                 return error("packfile %s size changed", p->pack_name);
535
536         /* We leave these file descriptors open with sliding mmap;
537          * there is no point keeping them open across exec(), though.
538          */
539         fd_flag = fcntl(p->pack_fd, F_GETFD, 0);
540         if (fd_flag < 0)
541                 return error("cannot determine file descriptor flags");
542         fd_flag |= FD_CLOEXEC;
543         if (fcntl(p->pack_fd, F_SETFD, fd_flag) == -1)
544                 return error("cannot set FD_CLOEXEC");
545
546         /* Verify we recognize this pack file format. */
547         read_result = read_in_full(p->pack_fd, &hdr, sizeof(hdr));
548         if (read_result < 0)
549                 return error_errno("error reading from %s", p->pack_name);
550         if (read_result != sizeof(hdr))
551                 return error("file %s is far too short to be a packfile", p->pack_name);
552         if (hdr.hdr_signature != htonl(PACK_SIGNATURE))
553                 return error("file %s is not a GIT packfile", p->pack_name);
554         if (!pack_version_ok(hdr.hdr_version))
555                 return error("packfile %s is version %"PRIu32" and not"
556                         " supported (try upgrading GIT to a newer version)",
557                         p->pack_name, ntohl(hdr.hdr_version));
558
559         /* Skip index checking if in multi-pack-index */
560         if (!p->index_data)
561                 return 0;
562
563         /* Verify the pack matches its index. */
564         if (p->num_objects != ntohl(hdr.hdr_entries))
565                 return error("packfile %s claims to have %"PRIu32" objects"
566                              " while index indicates %"PRIu32" objects",
567                              p->pack_name, ntohl(hdr.hdr_entries),
568                              p->num_objects);
569         if (lseek(p->pack_fd, p->pack_size - hashsz, SEEK_SET) == -1)
570                 return error("end of packfile %s is unavailable", p->pack_name);
571         read_result = read_in_full(p->pack_fd, hash, hashsz);
572         if (read_result < 0)
573                 return error_errno("error reading from %s", p->pack_name);
574         if (read_result != hashsz)
575                 return error("packfile %s signature is unavailable", p->pack_name);
576         idx_hash = ((unsigned char *)p->index_data) + p->index_size - hashsz * 2;
577         if (!hasheq(hash, idx_hash))
578                 return error("packfile %s does not match index", p->pack_name);
579         return 0;
580 }
581
582 static int open_packed_git(struct packed_git *p)
583 {
584         if (!open_packed_git_1(p))
585                 return 0;
586         close_pack_fd(p);
587         return -1;
588 }
589
590 static int in_window(struct pack_window *win, off_t offset)
591 {
592         /* We must promise at least one full hash after the
593          * offset is available from this window, otherwise the offset
594          * is not actually in this window and a different window (which
595          * has that one hash excess) must be used.  This is to support
596          * the object header and delta base parsing routines below.
597          */
598         off_t win_off = win->offset;
599         return win_off <= offset
600                 && (offset + the_hash_algo->rawsz) <= (win_off + win->len);
601 }
602
603 unsigned char *use_pack(struct packed_git *p,
604                 struct pack_window **w_cursor,
605                 off_t offset,
606                 unsigned long *left)
607 {
608         struct pack_window *win = *w_cursor;
609
610         /* Since packfiles end in a hash of their content and it's
611          * pointless to ask for an offset into the middle of that
612          * hash, and the in_window function above wouldn't match
613          * don't allow an offset too close to the end of the file.
614          */
615         if (!p->pack_size && p->pack_fd == -1 && open_packed_git(p))
616                 die("packfile %s cannot be accessed", p->pack_name);
617         if (offset > (p->pack_size - the_hash_algo->rawsz))
618                 die("offset beyond end of packfile (truncated pack?)");
619         if (offset < 0)
620                 die(_("offset before end of packfile (broken .idx?)"));
621
622         if (!win || !in_window(win, offset)) {
623                 if (win)
624                         win->inuse_cnt--;
625                 for (win = p->windows; win; win = win->next) {
626                         if (in_window(win, offset))
627                                 break;
628                 }
629                 if (!win) {
630                         size_t window_align = packed_git_window_size / 2;
631                         off_t len;
632
633                         if (p->pack_fd == -1 && open_packed_git(p))
634                                 die("packfile %s cannot be accessed", p->pack_name);
635
636                         win = xcalloc(1, sizeof(*win));
637                         win->offset = (offset / window_align) * window_align;
638                         len = p->pack_size - win->offset;
639                         if (len > packed_git_window_size)
640                                 len = packed_git_window_size;
641                         win->len = (size_t)len;
642                         pack_mapped += win->len;
643                         while (packed_git_limit < pack_mapped
644                                 && unuse_one_window(p))
645                                 ; /* nothing */
646                         win->base = xmmap_gently(NULL, win->len,
647                                 PROT_READ, MAP_PRIVATE,
648                                 p->pack_fd, win->offset);
649                         if (win->base == MAP_FAILED)
650                                 die_errno("packfile %s cannot be mapped",
651                                           p->pack_name);
652                         if (!win->offset && win->len == p->pack_size
653                                 && !p->do_not_close)
654                                 close_pack_fd(p);
655                         pack_mmap_calls++;
656                         pack_open_windows++;
657                         if (pack_mapped > peak_pack_mapped)
658                                 peak_pack_mapped = pack_mapped;
659                         if (pack_open_windows > peak_pack_open_windows)
660                                 peak_pack_open_windows = pack_open_windows;
661                         win->next = p->windows;
662                         p->windows = win;
663                 }
664         }
665         if (win != *w_cursor) {
666                 win->last_used = pack_used_ctr++;
667                 win->inuse_cnt++;
668                 *w_cursor = win;
669         }
670         offset -= win->offset;
671         if (left)
672                 *left = win->len - xsize_t(offset);
673         return win->base + offset;
674 }
675
676 void unuse_pack(struct pack_window **w_cursor)
677 {
678         struct pack_window *w = *w_cursor;
679         if (w) {
680                 w->inuse_cnt--;
681                 *w_cursor = NULL;
682         }
683 }
684
685 static void try_to_free_pack_memory(size_t size)
686 {
687         release_pack_memory(size);
688 }
689
690 struct packed_git *add_packed_git(const char *path, size_t path_len, int local)
691 {
692         static int have_set_try_to_free_routine;
693         struct stat st;
694         size_t alloc;
695         struct packed_git *p;
696
697         if (!have_set_try_to_free_routine) {
698                 have_set_try_to_free_routine = 1;
699                 set_try_to_free_routine(try_to_free_pack_memory);
700         }
701
702         /*
703          * Make sure a corresponding .pack file exists and that
704          * the index looks sane.
705          */
706         if (!strip_suffix_mem(path, &path_len, ".idx"))
707                 return NULL;
708
709         /*
710          * ".promisor" is long enough to hold any suffix we're adding (and
711          * the use xsnprintf double-checks that)
712          */
713         alloc = st_add3(path_len, strlen(".promisor"), 1);
714         p = alloc_packed_git(alloc);
715         memcpy(p->pack_name, path, path_len);
716
717         xsnprintf(p->pack_name + path_len, alloc - path_len, ".keep");
718         if (!access(p->pack_name, F_OK))
719                 p->pack_keep = 1;
720
721         xsnprintf(p->pack_name + path_len, alloc - path_len, ".promisor");
722         if (!access(p->pack_name, F_OK))
723                 p->pack_promisor = 1;
724
725         xsnprintf(p->pack_name + path_len, alloc - path_len, ".pack");
726         if (stat(p->pack_name, &st) || !S_ISREG(st.st_mode)) {
727                 free(p);
728                 return NULL;
729         }
730
731         /* ok, it looks sane as far as we can check without
732          * actually mapping the pack file.
733          */
734         p->pack_size = st.st_size;
735         p->pack_local = local;
736         p->mtime = st.st_mtime;
737         if (path_len < the_hash_algo->hexsz ||
738             get_sha1_hex(path + path_len - the_hash_algo->hexsz, p->hash))
739                 hashclr(p->hash);
740         return p;
741 }
742
743 void install_packed_git(struct repository *r, struct packed_git *pack)
744 {
745         if (pack->pack_fd != -1)
746                 pack_open_fds++;
747
748         pack->next = r->objects->packed_git;
749         r->objects->packed_git = pack;
750 }
751
752 void (*report_garbage)(unsigned seen_bits, const char *path);
753
754 static void report_helper(const struct string_list *list,
755                           int seen_bits, int first, int last)
756 {
757         if (seen_bits == (PACKDIR_FILE_PACK|PACKDIR_FILE_IDX))
758                 return;
759
760         for (; first < last; first++)
761                 report_garbage(seen_bits, list->items[first].string);
762 }
763
764 static void report_pack_garbage(struct string_list *list)
765 {
766         int i, baselen = -1, first = 0, seen_bits = 0;
767
768         if (!report_garbage)
769                 return;
770
771         string_list_sort(list);
772
773         for (i = 0; i < list->nr; i++) {
774                 const char *path = list->items[i].string;
775                 if (baselen != -1 &&
776                     strncmp(path, list->items[first].string, baselen)) {
777                         report_helper(list, seen_bits, first, i);
778                         baselen = -1;
779                         seen_bits = 0;
780                 }
781                 if (baselen == -1) {
782                         const char *dot = strrchr(path, '.');
783                         if (!dot) {
784                                 report_garbage(PACKDIR_FILE_GARBAGE, path);
785                                 continue;
786                         }
787                         baselen = dot - path + 1;
788                         first = i;
789                 }
790                 if (!strcmp(path + baselen, "pack"))
791                         seen_bits |= 1;
792                 else if (!strcmp(path + baselen, "idx"))
793                         seen_bits |= 2;
794         }
795         report_helper(list, seen_bits, first, list->nr);
796 }
797
798 void for_each_file_in_pack_dir(const char *objdir,
799                                each_file_in_pack_dir_fn fn,
800                                void *data)
801 {
802         struct strbuf path = STRBUF_INIT;
803         size_t dirnamelen;
804         DIR *dir;
805         struct dirent *de;
806
807         strbuf_addstr(&path, objdir);
808         strbuf_addstr(&path, "/pack");
809         dir = opendir(path.buf);
810         if (!dir) {
811                 if (errno != ENOENT)
812                         error_errno("unable to open object pack directory: %s",
813                                     path.buf);
814                 strbuf_release(&path);
815                 return;
816         }
817         strbuf_addch(&path, '/');
818         dirnamelen = path.len;
819         while ((de = readdir(dir)) != NULL) {
820                 if (is_dot_or_dotdot(de->d_name))
821                         continue;
822
823                 strbuf_setlen(&path, dirnamelen);
824                 strbuf_addstr(&path, de->d_name);
825
826                 fn(path.buf, path.len, de->d_name, data);
827         }
828
829         closedir(dir);
830         strbuf_release(&path);
831 }
832
833 struct prepare_pack_data {
834         struct repository *r;
835         struct string_list *garbage;
836         int local;
837         struct multi_pack_index *m;
838 };
839
840 static void prepare_pack(const char *full_name, size_t full_name_len,
841                          const char *file_name, void *_data)
842 {
843         struct prepare_pack_data *data = (struct prepare_pack_data *)_data;
844         struct packed_git *p;
845         size_t base_len = full_name_len;
846
847         if (strip_suffix_mem(full_name, &base_len, ".idx") &&
848             !(data->m && midx_contains_pack(data->m, file_name))) {
849                 /* Don't reopen a pack we already have. */
850                 for (p = data->r->objects->packed_git; p; p = p->next) {
851                         size_t len;
852                         if (strip_suffix(p->pack_name, ".pack", &len) &&
853                             len == base_len &&
854                             !memcmp(p->pack_name, full_name, len))
855                                 break;
856                 }
857
858                 if (!p) {
859                         p = add_packed_git(full_name, full_name_len, data->local);
860                         if (p)
861                                 install_packed_git(data->r, p);
862                 }
863         }
864
865         if (!report_garbage)
866                 return;
867
868         if (!strcmp(file_name, "multi-pack-index"))
869                 return;
870         if (ends_with(file_name, ".idx") ||
871             ends_with(file_name, ".pack") ||
872             ends_with(file_name, ".bitmap") ||
873             ends_with(file_name, ".keep") ||
874             ends_with(file_name, ".promisor"))
875                 string_list_append(data->garbage, full_name);
876         else
877                 report_garbage(PACKDIR_FILE_GARBAGE, full_name);
878 }
879
880 static void prepare_packed_git_one(struct repository *r, char *objdir, int local)
881 {
882         struct prepare_pack_data data;
883         struct string_list garbage = STRING_LIST_INIT_DUP;
884
885         data.m = r->objects->multi_pack_index;
886
887         /* look for the multi-pack-index for this object directory */
888         while (data.m && strcmp(data.m->object_dir, objdir))
889                 data.m = data.m->next;
890
891         data.r = r;
892         data.garbage = &garbage;
893         data.local = local;
894
895         for_each_file_in_pack_dir(objdir, prepare_pack, &data);
896
897         report_pack_garbage(data.garbage);
898         string_list_clear(data.garbage, 0);
899 }
900
901 static void prepare_packed_git(struct repository *r);
902 /*
903  * Give a fast, rough count of the number of objects in the repository. This
904  * ignores loose objects completely. If you have a lot of them, then either
905  * you should repack because your performance will be awful, or they are
906  * all unreachable objects about to be pruned, in which case they're not really
907  * interesting as a measure of repo size in the first place.
908  */
909 unsigned long repo_approximate_object_count(struct repository *r)
910 {
911         if (!r->objects->approximate_object_count_valid) {
912                 unsigned long count;
913                 struct multi_pack_index *m;
914                 struct packed_git *p;
915
916                 prepare_packed_git(r);
917                 count = 0;
918                 for (m = get_multi_pack_index(r); m; m = m->next)
919                         count += m->num_objects;
920                 for (p = r->objects->packed_git; p; p = p->next) {
921                         if (open_pack_index(p))
922                                 continue;
923                         count += p->num_objects;
924                 }
925                 r->objects->approximate_object_count = count;
926         }
927         return r->objects->approximate_object_count;
928 }
929
930 static void *get_next_packed_git(const void *p)
931 {
932         return ((const struct packed_git *)p)->next;
933 }
934
935 static void set_next_packed_git(void *p, void *next)
936 {
937         ((struct packed_git *)p)->next = next;
938 }
939
940 static int sort_pack(const void *a_, const void *b_)
941 {
942         const struct packed_git *a = a_;
943         const struct packed_git *b = b_;
944         int st;
945
946         /*
947          * Local packs tend to contain objects specific to our
948          * variant of the project than remote ones.  In addition,
949          * remote ones could be on a network mounted filesystem.
950          * Favor local ones for these reasons.
951          */
952         st = a->pack_local - b->pack_local;
953         if (st)
954                 return -st;
955
956         /*
957          * Younger packs tend to contain more recent objects,
958          * and more recent objects tend to get accessed more
959          * often.
960          */
961         if (a->mtime < b->mtime)
962                 return 1;
963         else if (a->mtime == b->mtime)
964                 return 0;
965         return -1;
966 }
967
968 static void rearrange_packed_git(struct repository *r)
969 {
970         r->objects->packed_git = llist_mergesort(
971                 r->objects->packed_git, get_next_packed_git,
972                 set_next_packed_git, sort_pack);
973 }
974
975 static void prepare_packed_git_mru(struct repository *r)
976 {
977         struct packed_git *p;
978
979         INIT_LIST_HEAD(&r->objects->packed_git_mru);
980
981         for (p = r->objects->packed_git; p; p = p->next)
982                 list_add_tail(&p->mru, &r->objects->packed_git_mru);
983 }
984
985 static void prepare_packed_git(struct repository *r)
986 {
987         struct object_directory *odb;
988
989         if (r->objects->packed_git_initialized)
990                 return;
991
992         prepare_alt_odb(r);
993         for (odb = r->objects->odb; odb; odb = odb->next) {
994                 int local = (odb == r->objects->odb);
995                 prepare_multi_pack_index_one(r, odb->path, local);
996                 prepare_packed_git_one(r, odb->path, local);
997         }
998         rearrange_packed_git(r);
999
1000         prepare_packed_git_mru(r);
1001         r->objects->packed_git_initialized = 1;
1002 }
1003
1004 void reprepare_packed_git(struct repository *r)
1005 {
1006         struct object_directory *odb;
1007
1008         for (odb = r->objects->odb; odb; odb = odb->next)
1009                 odb_clear_loose_cache(odb);
1010
1011         r->objects->approximate_object_count_valid = 0;
1012         r->objects->packed_git_initialized = 0;
1013         prepare_packed_git(r);
1014 }
1015
1016 struct packed_git *get_packed_git(struct repository *r)
1017 {
1018         prepare_packed_git(r);
1019         return r->objects->packed_git;
1020 }
1021
1022 struct multi_pack_index *get_multi_pack_index(struct repository *r)
1023 {
1024         prepare_packed_git(r);
1025         return r->objects->multi_pack_index;
1026 }
1027
1028 struct packed_git *get_all_packs(struct repository *r)
1029 {
1030         struct multi_pack_index *m;
1031
1032         prepare_packed_git(r);
1033         for (m = r->objects->multi_pack_index; m; m = m->next) {
1034                 uint32_t i;
1035                 for (i = 0; i < m->num_packs; i++)
1036                         prepare_midx_pack(r, m, i);
1037         }
1038
1039         return r->objects->packed_git;
1040 }
1041
1042 struct list_head *get_packed_git_mru(struct repository *r)
1043 {
1044         prepare_packed_git(r);
1045         return &r->objects->packed_git_mru;
1046 }
1047
1048 unsigned long unpack_object_header_buffer(const unsigned char *buf,
1049                 unsigned long len, enum object_type *type, unsigned long *sizep)
1050 {
1051         unsigned shift;
1052         unsigned long size, c;
1053         unsigned long used = 0;
1054
1055         c = buf[used++];
1056         *type = (c >> 4) & 7;
1057         size = c & 15;
1058         shift = 4;
1059         while (c & 0x80) {
1060                 if (len <= used || bitsizeof(long) <= shift) {
1061                         error("bad object header");
1062                         size = used = 0;
1063                         break;
1064                 }
1065                 c = buf[used++];
1066                 size += (c & 0x7f) << shift;
1067                 shift += 7;
1068         }
1069         *sizep = size;
1070         return used;
1071 }
1072
1073 unsigned long get_size_from_delta(struct packed_git *p,
1074                                   struct pack_window **w_curs,
1075                                   off_t curpos)
1076 {
1077         const unsigned char *data;
1078         unsigned char delta_head[20], *in;
1079         git_zstream stream;
1080         int st;
1081
1082         memset(&stream, 0, sizeof(stream));
1083         stream.next_out = delta_head;
1084         stream.avail_out = sizeof(delta_head);
1085
1086         git_inflate_init(&stream);
1087         do {
1088                 in = use_pack(p, w_curs, curpos, &stream.avail_in);
1089                 stream.next_in = in;
1090                 st = git_inflate(&stream, Z_FINISH);
1091                 curpos += stream.next_in - in;
1092         } while ((st == Z_OK || st == Z_BUF_ERROR) &&
1093                  stream.total_out < sizeof(delta_head));
1094         git_inflate_end(&stream);
1095         if ((st != Z_STREAM_END) && stream.total_out != sizeof(delta_head)) {
1096                 error("delta data unpack-initial failed");
1097                 return 0;
1098         }
1099
1100         /* Examine the initial part of the delta to figure out
1101          * the result size.
1102          */
1103         data = delta_head;
1104
1105         /* ignore base size */
1106         get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1107
1108         /* Read the result size */
1109         return get_delta_hdr_size(&data, delta_head+sizeof(delta_head));
1110 }
1111
1112 int unpack_object_header(struct packed_git *p,
1113                          struct pack_window **w_curs,
1114                          off_t *curpos,
1115                          unsigned long *sizep)
1116 {
1117         unsigned char *base;
1118         unsigned long left;
1119         unsigned long used;
1120         enum object_type type;
1121
1122         /* use_pack() assures us we have [base, base + 20) available
1123          * as a range that we can look at.  (Its actually the hash
1124          * size that is assured.)  With our object header encoding
1125          * the maximum deflated object size is 2^137, which is just
1126          * insane, so we know won't exceed what we have been given.
1127          */
1128         base = use_pack(p, w_curs, *curpos, &left);
1129         used = unpack_object_header_buffer(base, left, &type, sizep);
1130         if (!used) {
1131                 type = OBJ_BAD;
1132         } else
1133                 *curpos += used;
1134
1135         return type;
1136 }
1137
1138 void mark_bad_packed_object(struct packed_git *p, const unsigned char *sha1)
1139 {
1140         unsigned i;
1141         const unsigned hashsz = the_hash_algo->rawsz;
1142         for (i = 0; i < p->num_bad_objects; i++)
1143                 if (hasheq(sha1, p->bad_object_sha1 + hashsz * i))
1144                         return;
1145         p->bad_object_sha1 = xrealloc(p->bad_object_sha1,
1146                                       st_mult(GIT_MAX_RAWSZ,
1147                                               st_add(p->num_bad_objects, 1)));
1148         hashcpy(p->bad_object_sha1 + hashsz * p->num_bad_objects, sha1);
1149         p->num_bad_objects++;
1150 }
1151
1152 const struct packed_git *has_packed_and_bad(struct repository *r,
1153                                             const unsigned char *sha1)
1154 {
1155         struct packed_git *p;
1156         unsigned i;
1157
1158         for (p = r->objects->packed_git; p; p = p->next)
1159                 for (i = 0; i < p->num_bad_objects; i++)
1160                         if (hasheq(sha1,
1161                                    p->bad_object_sha1 + the_hash_algo->rawsz * i))
1162                                 return p;
1163         return NULL;
1164 }
1165
1166 static off_t get_delta_base(struct packed_git *p,
1167                                     struct pack_window **w_curs,
1168                                     off_t *curpos,
1169                                     enum object_type type,
1170                                     off_t delta_obj_offset)
1171 {
1172         unsigned char *base_info = use_pack(p, w_curs, *curpos, NULL);
1173         off_t base_offset;
1174
1175         /* use_pack() assured us we have [base_info, base_info + 20)
1176          * as a range that we can look at without walking off the
1177          * end of the mapped window.  Its actually the hash size
1178          * that is assured.  An OFS_DELTA longer than the hash size
1179          * is stupid, as then a REF_DELTA would be smaller to store.
1180          */
1181         if (type == OBJ_OFS_DELTA) {
1182                 unsigned used = 0;
1183                 unsigned char c = base_info[used++];
1184                 base_offset = c & 127;
1185                 while (c & 128) {
1186                         base_offset += 1;
1187                         if (!base_offset || MSB(base_offset, 7))
1188                                 return 0;  /* overflow */
1189                         c = base_info[used++];
1190                         base_offset = (base_offset << 7) + (c & 127);
1191                 }
1192                 base_offset = delta_obj_offset - base_offset;
1193                 if (base_offset <= 0 || base_offset >= delta_obj_offset)
1194                         return 0;  /* out of bound */
1195                 *curpos += used;
1196         } else if (type == OBJ_REF_DELTA) {
1197                 /* The base entry _must_ be in the same pack */
1198                 base_offset = find_pack_entry_one(base_info, p);
1199                 *curpos += the_hash_algo->rawsz;
1200         } else
1201                 die("I am totally screwed");
1202         return base_offset;
1203 }
1204
1205 /*
1206  * Like get_delta_base above, but we return the sha1 instead of the pack
1207  * offset. This means it is cheaper for REF deltas (we do not have to do
1208  * the final object lookup), but more expensive for OFS deltas (we
1209  * have to load the revidx to convert the offset back into a sha1).
1210  */
1211 static const unsigned char *get_delta_base_sha1(struct packed_git *p,
1212                                                 struct pack_window **w_curs,
1213                                                 off_t curpos,
1214                                                 enum object_type type,
1215                                                 off_t delta_obj_offset)
1216 {
1217         if (type == OBJ_REF_DELTA) {
1218                 unsigned char *base = use_pack(p, w_curs, curpos, NULL);
1219                 return base;
1220         } else if (type == OBJ_OFS_DELTA) {
1221                 struct revindex_entry *revidx;
1222                 off_t base_offset = get_delta_base(p, w_curs, &curpos,
1223                                                    type, delta_obj_offset);
1224
1225                 if (!base_offset)
1226                         return NULL;
1227
1228                 revidx = find_pack_revindex(p, base_offset);
1229                 if (!revidx)
1230                         return NULL;
1231
1232                 return nth_packed_object_sha1(p, revidx->nr);
1233         } else
1234                 return NULL;
1235 }
1236
1237 static int retry_bad_packed_offset(struct repository *r,
1238                                    struct packed_git *p,
1239                                    off_t obj_offset)
1240 {
1241         int type;
1242         struct revindex_entry *revidx;
1243         struct object_id oid;
1244         revidx = find_pack_revindex(p, obj_offset);
1245         if (!revidx)
1246                 return OBJ_BAD;
1247         nth_packed_object_oid(&oid, p, revidx->nr);
1248         mark_bad_packed_object(p, oid.hash);
1249         type = oid_object_info(r, &oid, NULL);
1250         if (type <= OBJ_NONE)
1251                 return OBJ_BAD;
1252         return type;
1253 }
1254
1255 #define POI_STACK_PREALLOC 64
1256
1257 static enum object_type packed_to_object_type(struct repository *r,
1258                                               struct packed_git *p,
1259                                               off_t obj_offset,
1260                                               enum object_type type,
1261                                               struct pack_window **w_curs,
1262                                               off_t curpos)
1263 {
1264         off_t small_poi_stack[POI_STACK_PREALLOC];
1265         off_t *poi_stack = small_poi_stack;
1266         int poi_stack_nr = 0, poi_stack_alloc = POI_STACK_PREALLOC;
1267
1268         while (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1269                 off_t base_offset;
1270                 unsigned long size;
1271                 /* Push the object we're going to leave behind */
1272                 if (poi_stack_nr >= poi_stack_alloc && poi_stack == small_poi_stack) {
1273                         poi_stack_alloc = alloc_nr(poi_stack_nr);
1274                         ALLOC_ARRAY(poi_stack, poi_stack_alloc);
1275                         memcpy(poi_stack, small_poi_stack, sizeof(off_t)*poi_stack_nr);
1276                 } else {
1277                         ALLOC_GROW(poi_stack, poi_stack_nr+1, poi_stack_alloc);
1278                 }
1279                 poi_stack[poi_stack_nr++] = obj_offset;
1280                 /* If parsing the base offset fails, just unwind */
1281                 base_offset = get_delta_base(p, w_curs, &curpos, type, obj_offset);
1282                 if (!base_offset)
1283                         goto unwind;
1284                 curpos = obj_offset = base_offset;
1285                 type = unpack_object_header(p, w_curs, &curpos, &size);
1286                 if (type <= OBJ_NONE) {
1287                         /* If getting the base itself fails, we first
1288                          * retry the base, otherwise unwind */
1289                         type = retry_bad_packed_offset(r, p, base_offset);
1290                         if (type > OBJ_NONE)
1291                                 goto out;
1292                         goto unwind;
1293                 }
1294         }
1295
1296         switch (type) {
1297         case OBJ_BAD:
1298         case OBJ_COMMIT:
1299         case OBJ_TREE:
1300         case OBJ_BLOB:
1301         case OBJ_TAG:
1302                 break;
1303         default:
1304                 error("unknown object type %i at offset %"PRIuMAX" in %s",
1305                       type, (uintmax_t)obj_offset, p->pack_name);
1306                 type = OBJ_BAD;
1307         }
1308
1309 out:
1310         if (poi_stack != small_poi_stack)
1311                 free(poi_stack);
1312         return type;
1313
1314 unwind:
1315         while (poi_stack_nr) {
1316                 obj_offset = poi_stack[--poi_stack_nr];
1317                 type = retry_bad_packed_offset(r, p, obj_offset);
1318                 if (type > OBJ_NONE)
1319                         goto out;
1320         }
1321         type = OBJ_BAD;
1322         goto out;
1323 }
1324
1325 static struct hashmap delta_base_cache;
1326 static size_t delta_base_cached;
1327
1328 static LIST_HEAD(delta_base_cache_lru);
1329
1330 struct delta_base_cache_key {
1331         struct packed_git *p;
1332         off_t base_offset;
1333 };
1334
1335 struct delta_base_cache_entry {
1336         struct hashmap hash;
1337         struct delta_base_cache_key key;
1338         struct list_head lru;
1339         void *data;
1340         unsigned long size;
1341         enum object_type type;
1342 };
1343
1344 static unsigned int pack_entry_hash(struct packed_git *p, off_t base_offset)
1345 {
1346         unsigned int hash;
1347
1348         hash = (unsigned int)(intptr_t)p + (unsigned int)base_offset;
1349         hash += (hash >> 8) + (hash >> 16);
1350         return hash;
1351 }
1352
1353 static struct delta_base_cache_entry *
1354 get_delta_base_cache_entry(struct packed_git *p, off_t base_offset)
1355 {
1356         struct hashmap_entry entry;
1357         struct delta_base_cache_key key;
1358
1359         if (!delta_base_cache.cmpfn)
1360                 return NULL;
1361
1362         hashmap_entry_init(&entry, pack_entry_hash(p, base_offset));
1363         key.p = p;
1364         key.base_offset = base_offset;
1365         return hashmap_get(&delta_base_cache, &entry, &key);
1366 }
1367
1368 static int delta_base_cache_key_eq(const struct delta_base_cache_key *a,
1369                                    const struct delta_base_cache_key *b)
1370 {
1371         return a->p == b->p && a->base_offset == b->base_offset;
1372 }
1373
1374 static int delta_base_cache_hash_cmp(const void *unused_cmp_data,
1375                                      const void *va, const void *vb,
1376                                      const void *vkey)
1377 {
1378         const struct delta_base_cache_entry *a = va, *b = vb;
1379         const struct delta_base_cache_key *key = vkey;
1380         if (key)
1381                 return !delta_base_cache_key_eq(&a->key, key);
1382         else
1383                 return !delta_base_cache_key_eq(&a->key, &b->key);
1384 }
1385
1386 static int in_delta_base_cache(struct packed_git *p, off_t base_offset)
1387 {
1388         return !!get_delta_base_cache_entry(p, base_offset);
1389 }
1390
1391 /*
1392  * Remove the entry from the cache, but do _not_ free the associated
1393  * entry data. The caller takes ownership of the "data" buffer, and
1394  * should copy out any fields it wants before detaching.
1395  */
1396 static void detach_delta_base_cache_entry(struct delta_base_cache_entry *ent)
1397 {
1398         hashmap_remove(&delta_base_cache, ent, &ent->key);
1399         list_del(&ent->lru);
1400         delta_base_cached -= ent->size;
1401         free(ent);
1402 }
1403
1404 static void *cache_or_unpack_entry(struct repository *r, struct packed_git *p,
1405                                    off_t base_offset, unsigned long *base_size,
1406                                    enum object_type *type)
1407 {
1408         struct delta_base_cache_entry *ent;
1409
1410         ent = get_delta_base_cache_entry(p, base_offset);
1411         if (!ent)
1412                 return unpack_entry(r, p, base_offset, type, base_size);
1413
1414         if (type)
1415                 *type = ent->type;
1416         if (base_size)
1417                 *base_size = ent->size;
1418         return xmemdupz(ent->data, ent->size);
1419 }
1420
1421 static inline void release_delta_base_cache(struct delta_base_cache_entry *ent)
1422 {
1423         free(ent->data);
1424         detach_delta_base_cache_entry(ent);
1425 }
1426
1427 void clear_delta_base_cache(void)
1428 {
1429         struct list_head *lru, *tmp;
1430         list_for_each_safe(lru, tmp, &delta_base_cache_lru) {
1431                 struct delta_base_cache_entry *entry =
1432                         list_entry(lru, struct delta_base_cache_entry, lru);
1433                 release_delta_base_cache(entry);
1434         }
1435 }
1436
1437 static void add_delta_base_cache(struct packed_git *p, off_t base_offset,
1438         void *base, unsigned long base_size, enum object_type type)
1439 {
1440         struct delta_base_cache_entry *ent = xmalloc(sizeof(*ent));
1441         struct list_head *lru, *tmp;
1442
1443         delta_base_cached += base_size;
1444
1445         list_for_each_safe(lru, tmp, &delta_base_cache_lru) {
1446                 struct delta_base_cache_entry *f =
1447                         list_entry(lru, struct delta_base_cache_entry, lru);
1448                 if (delta_base_cached <= delta_base_cache_limit)
1449                         break;
1450                 release_delta_base_cache(f);
1451         }
1452
1453         ent->key.p = p;
1454         ent->key.base_offset = base_offset;
1455         ent->type = type;
1456         ent->data = base;
1457         ent->size = base_size;
1458         list_add_tail(&ent->lru, &delta_base_cache_lru);
1459
1460         if (!delta_base_cache.cmpfn)
1461                 hashmap_init(&delta_base_cache, delta_base_cache_hash_cmp, NULL, 0);
1462         hashmap_entry_init(ent, pack_entry_hash(p, base_offset));
1463         hashmap_add(&delta_base_cache, ent);
1464 }
1465
1466 int packed_object_info(struct repository *r, struct packed_git *p,
1467                        off_t obj_offset, struct object_info *oi)
1468 {
1469         struct pack_window *w_curs = NULL;
1470         unsigned long size;
1471         off_t curpos = obj_offset;
1472         enum object_type type;
1473
1474         /*
1475          * We always get the representation type, but only convert it to
1476          * a "real" type later if the caller is interested.
1477          */
1478         if (oi->contentp) {
1479                 *oi->contentp = cache_or_unpack_entry(r, p, obj_offset, oi->sizep,
1480                                                       &type);
1481                 if (!*oi->contentp)
1482                         type = OBJ_BAD;
1483         } else {
1484                 type = unpack_object_header(p, &w_curs, &curpos, &size);
1485         }
1486
1487         if (!oi->contentp && oi->sizep) {
1488                 if (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1489                         off_t tmp_pos = curpos;
1490                         off_t base_offset = get_delta_base(p, &w_curs, &tmp_pos,
1491                                                            type, obj_offset);
1492                         if (!base_offset) {
1493                                 type = OBJ_BAD;
1494                                 goto out;
1495                         }
1496                         *oi->sizep = get_size_from_delta(p, &w_curs, tmp_pos);
1497                         if (*oi->sizep == 0) {
1498                                 type = OBJ_BAD;
1499                                 goto out;
1500                         }
1501                 } else {
1502                         *oi->sizep = size;
1503                 }
1504         }
1505
1506         if (oi->disk_sizep) {
1507                 struct revindex_entry *revidx = find_pack_revindex(p, obj_offset);
1508                 *oi->disk_sizep = revidx[1].offset - obj_offset;
1509         }
1510
1511         if (oi->typep || oi->type_name) {
1512                 enum object_type ptot;
1513                 ptot = packed_to_object_type(r, p, obj_offset,
1514                                              type, &w_curs, curpos);
1515                 if (oi->typep)
1516                         *oi->typep = ptot;
1517                 if (oi->type_name) {
1518                         const char *tn = type_name(ptot);
1519                         if (tn)
1520                                 strbuf_addstr(oi->type_name, tn);
1521                 }
1522                 if (ptot < 0) {
1523                         type = OBJ_BAD;
1524                         goto out;
1525                 }
1526         }
1527
1528         if (oi->delta_base_sha1) {
1529                 if (type == OBJ_OFS_DELTA || type == OBJ_REF_DELTA) {
1530                         const unsigned char *base;
1531
1532                         base = get_delta_base_sha1(p, &w_curs, curpos,
1533                                                    type, obj_offset);
1534                         if (!base) {
1535                                 type = OBJ_BAD;
1536                                 goto out;
1537                         }
1538
1539                         hashcpy(oi->delta_base_sha1, base);
1540                 } else
1541                         hashclr(oi->delta_base_sha1);
1542         }
1543
1544         oi->whence = in_delta_base_cache(p, obj_offset) ? OI_DBCACHED :
1545                                                           OI_PACKED;
1546
1547 out:
1548         unuse_pack(&w_curs);
1549         return type;
1550 }
1551
1552 static void *unpack_compressed_entry(struct packed_git *p,
1553                                     struct pack_window **w_curs,
1554                                     off_t curpos,
1555                                     unsigned long size)
1556 {
1557         int st;
1558         git_zstream stream;
1559         unsigned char *buffer, *in;
1560
1561         buffer = xmallocz_gently(size);
1562         if (!buffer)
1563                 return NULL;
1564         memset(&stream, 0, sizeof(stream));
1565         stream.next_out = buffer;
1566         stream.avail_out = size + 1;
1567
1568         git_inflate_init(&stream);
1569         do {
1570                 in = use_pack(p, w_curs, curpos, &stream.avail_in);
1571                 stream.next_in = in;
1572                 st = git_inflate(&stream, Z_FINISH);
1573                 if (!stream.avail_out)
1574                         break; /* the payload is larger than it should be */
1575                 curpos += stream.next_in - in;
1576         } while (st == Z_OK || st == Z_BUF_ERROR);
1577         git_inflate_end(&stream);
1578         if ((st != Z_STREAM_END) || stream.total_out != size) {
1579                 free(buffer);
1580                 return NULL;
1581         }
1582
1583         /* versions of zlib can clobber unconsumed portion of outbuf */
1584         buffer[size] = '\0';
1585
1586         return buffer;
1587 }
1588
1589 static void write_pack_access_log(struct packed_git *p, off_t obj_offset)
1590 {
1591         static struct trace_key pack_access = TRACE_KEY_INIT(PACK_ACCESS);
1592         trace_printf_key(&pack_access, "%s %"PRIuMAX"\n",
1593                          p->pack_name, (uintmax_t)obj_offset);
1594 }
1595
1596 int do_check_packed_object_crc;
1597
1598 #define UNPACK_ENTRY_STACK_PREALLOC 64
1599 struct unpack_entry_stack_ent {
1600         off_t obj_offset;
1601         off_t curpos;
1602         unsigned long size;
1603 };
1604
1605 static void *read_object(struct repository *r,
1606                          const struct object_id *oid,
1607                          enum object_type *type,
1608                          unsigned long *size)
1609 {
1610         struct object_info oi = OBJECT_INFO_INIT;
1611         void *content;
1612         oi.typep = type;
1613         oi.sizep = size;
1614         oi.contentp = &content;
1615
1616         if (oid_object_info_extended(r, oid, &oi, 0) < 0)
1617                 return NULL;
1618         return content;
1619 }
1620
1621 void *unpack_entry(struct repository *r, struct packed_git *p, off_t obj_offset,
1622                    enum object_type *final_type, unsigned long *final_size)
1623 {
1624         struct pack_window *w_curs = NULL;
1625         off_t curpos = obj_offset;
1626         void *data = NULL;
1627         unsigned long size;
1628         enum object_type type;
1629         struct unpack_entry_stack_ent small_delta_stack[UNPACK_ENTRY_STACK_PREALLOC];
1630         struct unpack_entry_stack_ent *delta_stack = small_delta_stack;
1631         int delta_stack_nr = 0, delta_stack_alloc = UNPACK_ENTRY_STACK_PREALLOC;
1632         int base_from_cache = 0;
1633
1634         write_pack_access_log(p, obj_offset);
1635
1636         /* PHASE 1: drill down to the innermost base object */
1637         for (;;) {
1638                 off_t base_offset;
1639                 int i;
1640                 struct delta_base_cache_entry *ent;
1641
1642                 ent = get_delta_base_cache_entry(p, curpos);
1643                 if (ent) {
1644                         type = ent->type;
1645                         data = ent->data;
1646                         size = ent->size;
1647                         detach_delta_base_cache_entry(ent);
1648                         base_from_cache = 1;
1649                         break;
1650                 }
1651
1652                 if (do_check_packed_object_crc && p->index_version > 1) {
1653                         struct revindex_entry *revidx = find_pack_revindex(p, obj_offset);
1654                         off_t len = revidx[1].offset - obj_offset;
1655                         if (check_pack_crc(p, &w_curs, obj_offset, len, revidx->nr)) {
1656                                 struct object_id oid;
1657                                 nth_packed_object_oid(&oid, p, revidx->nr);
1658                                 error("bad packed object CRC for %s",
1659                                       oid_to_hex(&oid));
1660                                 mark_bad_packed_object(p, oid.hash);
1661                                 data = NULL;
1662                                 goto out;
1663                         }
1664                 }
1665
1666                 type = unpack_object_header(p, &w_curs, &curpos, &size);
1667                 if (type != OBJ_OFS_DELTA && type != OBJ_REF_DELTA)
1668                         break;
1669
1670                 base_offset = get_delta_base(p, &w_curs, &curpos, type, obj_offset);
1671                 if (!base_offset) {
1672                         error("failed to validate delta base reference "
1673                               "at offset %"PRIuMAX" from %s",
1674                               (uintmax_t)curpos, p->pack_name);
1675                         /* bail to phase 2, in hopes of recovery */
1676                         data = NULL;
1677                         break;
1678                 }
1679
1680                 /* push object, proceed to base */
1681                 if (delta_stack_nr >= delta_stack_alloc
1682                     && delta_stack == small_delta_stack) {
1683                         delta_stack_alloc = alloc_nr(delta_stack_nr);
1684                         ALLOC_ARRAY(delta_stack, delta_stack_alloc);
1685                         memcpy(delta_stack, small_delta_stack,
1686                                sizeof(*delta_stack)*delta_stack_nr);
1687                 } else {
1688                         ALLOC_GROW(delta_stack, delta_stack_nr+1, delta_stack_alloc);
1689                 }
1690                 i = delta_stack_nr++;
1691                 delta_stack[i].obj_offset = obj_offset;
1692                 delta_stack[i].curpos = curpos;
1693                 delta_stack[i].size = size;
1694
1695                 curpos = obj_offset = base_offset;
1696         }
1697
1698         /* PHASE 2: handle the base */
1699         switch (type) {
1700         case OBJ_OFS_DELTA:
1701         case OBJ_REF_DELTA:
1702                 if (data)
1703                         BUG("unpack_entry: left loop at a valid delta");
1704                 break;
1705         case OBJ_COMMIT:
1706         case OBJ_TREE:
1707         case OBJ_BLOB:
1708         case OBJ_TAG:
1709                 if (!base_from_cache)
1710                         data = unpack_compressed_entry(p, &w_curs, curpos, size);
1711                 break;
1712         default:
1713                 data = NULL;
1714                 error("unknown object type %i at offset %"PRIuMAX" in %s",
1715                       type, (uintmax_t)obj_offset, p->pack_name);
1716         }
1717
1718         /* PHASE 3: apply deltas in order */
1719
1720         /* invariants:
1721          *   'data' holds the base data, or NULL if there was corruption
1722          */
1723         while (delta_stack_nr) {
1724                 void *delta_data;
1725                 void *base = data;
1726                 void *external_base = NULL;
1727                 unsigned long delta_size, base_size = size;
1728                 int i;
1729
1730                 data = NULL;
1731
1732                 if (base)
1733                         add_delta_base_cache(p, obj_offset, base, base_size, type);
1734
1735                 if (!base) {
1736                         /*
1737                          * We're probably in deep shit, but let's try to fetch
1738                          * the required base anyway from another pack or loose.
1739                          * This is costly but should happen only in the presence
1740                          * of a corrupted pack, and is better than failing outright.
1741                          */
1742                         struct revindex_entry *revidx;
1743                         struct object_id base_oid;
1744                         revidx = find_pack_revindex(p, obj_offset);
1745                         if (revidx) {
1746                                 nth_packed_object_oid(&base_oid, p, revidx->nr);
1747                                 error("failed to read delta base object %s"
1748                                       " at offset %"PRIuMAX" from %s",
1749                                       oid_to_hex(&base_oid), (uintmax_t)obj_offset,
1750                                       p->pack_name);
1751                                 mark_bad_packed_object(p, base_oid.hash);
1752                                 base = read_object(r, &base_oid, &type, &base_size);
1753                                 external_base = base;
1754                         }
1755                 }
1756
1757                 i = --delta_stack_nr;
1758                 obj_offset = delta_stack[i].obj_offset;
1759                 curpos = delta_stack[i].curpos;
1760                 delta_size = delta_stack[i].size;
1761
1762                 if (!base)
1763                         continue;
1764
1765                 delta_data = unpack_compressed_entry(p, &w_curs, curpos, delta_size);
1766
1767                 if (!delta_data) {
1768                         error("failed to unpack compressed delta "
1769                               "at offset %"PRIuMAX" from %s",
1770                               (uintmax_t)curpos, p->pack_name);
1771                         data = NULL;
1772                         free(external_base);
1773                         continue;
1774                 }
1775
1776                 data = patch_delta(base, base_size,
1777                                    delta_data, delta_size,
1778                                    &size);
1779
1780                 /*
1781                  * We could not apply the delta; warn the user, but keep going.
1782                  * Our failure will be noticed either in the next iteration of
1783                  * the loop, or if this is the final delta, in the caller when
1784                  * we return NULL. Those code paths will take care of making
1785                  * a more explicit warning and retrying with another copy of
1786                  * the object.
1787                  */
1788                 if (!data)
1789                         error("failed to apply delta");
1790
1791                 free(delta_data);
1792                 free(external_base);
1793         }
1794
1795         if (final_type)
1796                 *final_type = type;
1797         if (final_size)
1798                 *final_size = size;
1799
1800 out:
1801         unuse_pack(&w_curs);
1802
1803         if (delta_stack != small_delta_stack)
1804                 free(delta_stack);
1805
1806         return data;
1807 }
1808
1809 int bsearch_pack(const struct object_id *oid, const struct packed_git *p, uint32_t *result)
1810 {
1811         const unsigned char *index_fanout = p->index_data;
1812         const unsigned char *index_lookup;
1813         const unsigned int hashsz = the_hash_algo->rawsz;
1814         int index_lookup_width;
1815
1816         if (!index_fanout)
1817                 BUG("bsearch_pack called without a valid pack-index");
1818
1819         index_lookup = index_fanout + 4 * 256;
1820         if (p->index_version == 1) {
1821                 index_lookup_width = hashsz + 4;
1822                 index_lookup += 4;
1823         } else {
1824                 index_lookup_width = hashsz;
1825                 index_fanout += 8;
1826                 index_lookup += 8;
1827         }
1828
1829         return bsearch_hash(oid->hash, (const uint32_t*)index_fanout,
1830                             index_lookup, index_lookup_width, result);
1831 }
1832
1833 const unsigned char *nth_packed_object_sha1(struct packed_git *p,
1834                                             uint32_t n)
1835 {
1836         const unsigned char *index = p->index_data;
1837         const unsigned int hashsz = the_hash_algo->rawsz;
1838         if (!index) {
1839                 if (open_pack_index(p))
1840                         return NULL;
1841                 index = p->index_data;
1842         }
1843         if (n >= p->num_objects)
1844                 return NULL;
1845         index += 4 * 256;
1846         if (p->index_version == 1) {
1847                 return index + (hashsz + 4) * n + 4;
1848         } else {
1849                 index += 8;
1850                 return index + hashsz * n;
1851         }
1852 }
1853
1854 const struct object_id *nth_packed_object_oid(struct object_id *oid,
1855                                               struct packed_git *p,
1856                                               uint32_t n)
1857 {
1858         const unsigned char *hash = nth_packed_object_sha1(p, n);
1859         if (!hash)
1860                 return NULL;
1861         hashcpy(oid->hash, hash);
1862         return oid;
1863 }
1864
1865 void check_pack_index_ptr(const struct packed_git *p, const void *vptr)
1866 {
1867         const unsigned char *ptr = vptr;
1868         const unsigned char *start = p->index_data;
1869         const unsigned char *end = start + p->index_size;
1870         if (ptr < start)
1871                 die(_("offset before start of pack index for %s (corrupt index?)"),
1872                     p->pack_name);
1873         /* No need to check for underflow; .idx files must be at least 8 bytes */
1874         if (ptr >= end - 8)
1875                 die(_("offset beyond end of pack index for %s (truncated index?)"),
1876                     p->pack_name);
1877 }
1878
1879 off_t nth_packed_object_offset(const struct packed_git *p, uint32_t n)
1880 {
1881         const unsigned char *index = p->index_data;
1882         const unsigned int hashsz = the_hash_algo->rawsz;
1883         index += 4 * 256;
1884         if (p->index_version == 1) {
1885                 return ntohl(*((uint32_t *)(index + (hashsz + 4) * n)));
1886         } else {
1887                 uint32_t off;
1888                 index += 8 + p->num_objects * (hashsz + 4);
1889                 off = ntohl(*((uint32_t *)(index + 4 * n)));
1890                 if (!(off & 0x80000000))
1891                         return off;
1892                 index += p->num_objects * 4 + (off & 0x7fffffff) * 8;
1893                 check_pack_index_ptr(p, index);
1894                 return get_be64(index);
1895         }
1896 }
1897
1898 off_t find_pack_entry_one(const unsigned char *sha1,
1899                                   struct packed_git *p)
1900 {
1901         const unsigned char *index = p->index_data;
1902         struct object_id oid;
1903         uint32_t result;
1904
1905         if (!index) {
1906                 if (open_pack_index(p))
1907                         return 0;
1908         }
1909
1910         hashcpy(oid.hash, sha1);
1911         if (bsearch_pack(&oid, p, &result))
1912                 return nth_packed_object_offset(p, result);
1913         return 0;
1914 }
1915
1916 int is_pack_valid(struct packed_git *p)
1917 {
1918         /* An already open pack is known to be valid. */
1919         if (p->pack_fd != -1)
1920                 return 1;
1921
1922         /* If the pack has one window completely covering the
1923          * file size, the pack is known to be valid even if
1924          * the descriptor is not currently open.
1925          */
1926         if (p->windows) {
1927                 struct pack_window *w = p->windows;
1928
1929                 if (!w->offset && w->len == p->pack_size)
1930                         return 1;
1931         }
1932
1933         /* Force the pack to open to prove its valid. */
1934         return !open_packed_git(p);
1935 }
1936
1937 struct packed_git *find_sha1_pack(const unsigned char *sha1,
1938                                   struct packed_git *packs)
1939 {
1940         struct packed_git *p;
1941
1942         for (p = packs; p; p = p->next) {
1943                 if (find_pack_entry_one(sha1, p))
1944                         return p;
1945         }
1946         return NULL;
1947
1948 }
1949
1950 static int fill_pack_entry(const struct object_id *oid,
1951                            struct pack_entry *e,
1952                            struct packed_git *p)
1953 {
1954         off_t offset;
1955
1956         if (p->num_bad_objects) {
1957                 unsigned i;
1958                 for (i = 0; i < p->num_bad_objects; i++)
1959                         if (hasheq(oid->hash,
1960                                    p->bad_object_sha1 + the_hash_algo->rawsz * i))
1961                                 return 0;
1962         }
1963
1964         offset = find_pack_entry_one(oid->hash, p);
1965         if (!offset)
1966                 return 0;
1967
1968         /*
1969          * We are about to tell the caller where they can locate the
1970          * requested object.  We better make sure the packfile is
1971          * still here and can be accessed before supplying that
1972          * answer, as it may have been deleted since the index was
1973          * loaded!
1974          */
1975         if (!is_pack_valid(p))
1976                 return 0;
1977         e->offset = offset;
1978         e->p = p;
1979         return 1;
1980 }
1981
1982 int find_pack_entry(struct repository *r, const struct object_id *oid, struct pack_entry *e)
1983 {
1984         struct list_head *pos;
1985         struct multi_pack_index *m;
1986
1987         prepare_packed_git(r);
1988         if (!r->objects->packed_git && !r->objects->multi_pack_index)
1989                 return 0;
1990
1991         for (m = r->objects->multi_pack_index; m; m = m->next) {
1992                 if (fill_midx_entry(r, oid, e, m))
1993                         return 1;
1994         }
1995
1996         list_for_each(pos, &r->objects->packed_git_mru) {
1997                 struct packed_git *p = list_entry(pos, struct packed_git, mru);
1998                 if (!p->multi_pack_index && fill_pack_entry(oid, e, p)) {
1999                         list_move(&p->mru, &r->objects->packed_git_mru);
2000                         return 1;
2001                 }
2002         }
2003         return 0;
2004 }
2005
2006 int has_object_pack(const struct object_id *oid)
2007 {
2008         struct pack_entry e;
2009         return find_pack_entry(the_repository, oid, &e);
2010 }
2011
2012 int has_pack_index(const unsigned char *sha1)
2013 {
2014         struct stat st;
2015         if (stat(sha1_pack_index_name(sha1), &st))
2016                 return 0;
2017         return 1;
2018 }
2019
2020 int for_each_object_in_pack(struct packed_git *p,
2021                             each_packed_object_fn cb, void *data,
2022                             enum for_each_object_flags flags)
2023 {
2024         uint32_t i;
2025         int r = 0;
2026
2027         if (flags & FOR_EACH_OBJECT_PACK_ORDER) {
2028                 if (load_pack_revindex(p))
2029                         return -1;
2030         }
2031
2032         for (i = 0; i < p->num_objects; i++) {
2033                 uint32_t pos;
2034                 struct object_id oid;
2035
2036                 if (flags & FOR_EACH_OBJECT_PACK_ORDER)
2037                         pos = p->revindex[i].nr;
2038                 else
2039                         pos = i;
2040
2041                 if (!nth_packed_object_oid(&oid, p, pos))
2042                         return error("unable to get sha1 of object %u in %s",
2043                                      pos, p->pack_name);
2044
2045                 r = cb(&oid, p, pos, data);
2046                 if (r)
2047                         break;
2048         }
2049         return r;
2050 }
2051
2052 int for_each_packed_object(each_packed_object_fn cb, void *data,
2053                            enum for_each_object_flags flags)
2054 {
2055         struct packed_git *p;
2056         int r = 0;
2057         int pack_errors = 0;
2058
2059         prepare_packed_git(the_repository);
2060         for (p = get_all_packs(the_repository); p; p = p->next) {
2061                 if ((flags & FOR_EACH_OBJECT_LOCAL_ONLY) && !p->pack_local)
2062                         continue;
2063                 if ((flags & FOR_EACH_OBJECT_PROMISOR_ONLY) &&
2064                     !p->pack_promisor)
2065                         continue;
2066                 if (open_pack_index(p)) {
2067                         pack_errors = 1;
2068                         continue;
2069                 }
2070                 r = for_each_object_in_pack(p, cb, data, flags);
2071                 if (r)
2072                         break;
2073         }
2074         return r ? r : pack_errors;
2075 }
2076
2077 static int add_promisor_object(const struct object_id *oid,
2078                                struct packed_git *pack,
2079                                uint32_t pos,
2080                                void *set_)
2081 {
2082         struct oidset *set = set_;
2083         struct object *obj = parse_object(the_repository, oid);
2084         if (!obj)
2085                 return 1;
2086
2087         oidset_insert(set, oid);
2088
2089         /*
2090          * If this is a tree, commit, or tag, the objects it refers
2091          * to are also promisor objects. (Blobs refer to no objects->)
2092          */
2093         if (obj->type == OBJ_TREE) {
2094                 struct tree *tree = (struct tree *)obj;
2095                 struct tree_desc desc;
2096                 struct name_entry entry;
2097                 if (init_tree_desc_gently(&desc, tree->buffer, tree->size))
2098                         /*
2099                          * Error messages are given when packs are
2100                          * verified, so do not print any here.
2101                          */
2102                         return 0;
2103                 while (tree_entry_gently(&desc, &entry))
2104                         oidset_insert(set, &entry.oid);
2105         } else if (obj->type == OBJ_COMMIT) {
2106                 struct commit *commit = (struct commit *) obj;
2107                 struct commit_list *parents = commit->parents;
2108
2109                 oidset_insert(set, get_commit_tree_oid(commit));
2110                 for (; parents; parents = parents->next)
2111                         oidset_insert(set, &parents->item->object.oid);
2112         } else if (obj->type == OBJ_TAG) {
2113                 struct tag *tag = (struct tag *) obj;
2114                 oidset_insert(set, &tag->tagged->oid);
2115         }
2116         return 0;
2117 }
2118
2119 int is_promisor_object(const struct object_id *oid)
2120 {
2121         static struct oidset promisor_objects;
2122         static int promisor_objects_prepared;
2123
2124         if (!promisor_objects_prepared) {
2125                 if (repository_format_partial_clone) {
2126                         for_each_packed_object(add_promisor_object,
2127                                                &promisor_objects,
2128                                                FOR_EACH_OBJECT_PROMISOR_ONLY);
2129                 }
2130                 promisor_objects_prepared = 1;
2131         }
2132         return oidset_contains(&promisor_objects, oid);
2133 }