vcs-svn: verify that deltas consume all inline data

By constraining the format of deltas, we can more easily detect
corruption and other breakage.

Requiring deltas not to provide unconsumed data also opens the
possibility of ignoring the declared amount of novel data and simply
streaming the data as needed to fulfill copyfrom_data requests.

Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Acked-by: Ramkumar Ramachandra <artagnon@gmail.com>

diff --git a/t/t9011-svn-da.sh b/t/t9011-svn-da.sh
index ba8ce05..72691b9 100755 (executable)
--- a/t/t9011-svn-da.sh
+++ b/t/t9011-svn-da.sh
@@ -121,11 +121,10 @@ test_expect_success 'preimage view: reject truncated preimage' '
        test_must_fail test-svn-fe -d preimage clear.longread 9
 '
 
-test_expect_success 'inline data' '
+test_expect_success 'forbid unconsumed inline data' '
        printf "SVNQ%b%s%b%s" "QQQQ\003" "bar" "QQQQ\001" "x" |
                q_to_nul >inline.clear &&
-       test-svn-fe -d preimage inline.clear 18 >actual &&
-       test_cmp empty actual
+       test_must_fail test-svn-fe -d preimage inline.clear 18 >actual
 '
 
 test_expect_success 'reject truncated inline data' '

diff --git a/vcs-svn/svndiff.c b/vcs-svn/svndiff.c
index ed1d4a0..fb7dc22 100644 (file)
--- a/vcs-svn/svndiff.c
+++ b/vcs-svn/svndiff.c
@@ -208,6 +208,8 @@ static int apply_window_in_core(struct window *ctx)
             )
                if (execute_one_instruction(ctx, &instructions, &data_pos))
                        return -1;
+       if (data_pos != ctx->data.len)
+               return error("invalid delta: does not copy all inline data");
        return 0;
 }