commit 60c140aebbd1069094e75d8358cb305bc305b7f8 from: Stefan Sperling date: Mon Jan 09 17:32:29 2023 UTC use a caller-specified size limit for mapped files in got_object_raw_alloc() Without this we end up being confused about whether a raw object has been mapped into memory, leading to crashes. ok op@
commit - e98a81e6856357207df4b28256b3f472b90f0408
commit + 60c140aebbd1069094e75d8358cb305bc305b7f8
blob - f0d614fbd97c672d8ebb6442ea09ea11e0d3e929
blob + 0272a5dfbad3568d5ae28e7d1c782d936770da89
--- lib/got_lib_object.h
+++ lib/got_lib_object.h
@@ -155,4 +155,4 @@ const struct got_error *got_object_enumerate(int *, struct got_packidx *, struct got_repository *); const struct got_error *got_object_raw_alloc(struct got_raw_object **,
- uint8_t *, int *, size_t, off_t);
+ uint8_t *, int *, size_t, size_t, off_t);
blob - 54e293a9edcae0e19c86ba7f2094cf5c456ff12a
blob + 52e7c967c9cc041ec94d6baa8ab706eb7434b845
--- lib/object.c
+++ lib/object.c
@@ -956,7 +956,7 @@ got_object_commit_retain(struct got_commit_object *com const struct got_error * got_object_raw_alloc(struct got_raw_object **obj, uint8_t *outbuf, int *outfd,
- size_t hdrlen, off_t size)
+ size_t max_in_mem_size, size_t hdrlen, off_t size)
 { const struct got_error *err = NULL; off_t tot;
@@ -986,7 +986,7 @@ got_object_raw_alloc(struct got_raw_object **obj, uint goto done; } #ifndef GOT_PACK_NO_MMAP
- if (tot > 0 && tot <= SIZE_MAX) {
+ if (tot > 0 && tot <= max_in_mem_size) {
 (*obj)->data = mmap(NULL, tot, PROT_READ, MAP_PRIVATE, *outfd, 0); if ((*obj)->data == MAP_FAILED) {
blob - a03f6638af6fa2dafb07d148594a09931cb82389
blob + 312719b3bcc84abe056dab97015657c4a30442f6
--- lib/object_open_io.c
+++ lib/object_open_io.c
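Review bot: The changed prototype in lib/got_lib_object.h now has two adjacent unnamed `size_t` parameters, so a caller that swaps the in-memory limit and the header length compiles without any diagnostic. Naming the parameters in the declaration would make the order checkable at a glance: `uint8_t *outbuf, int *outfd, size_t max_in_mem_size, size_t hdrlen, off_t size);`. The neighbouring prototype in the hunk is unnamed as well, so a one-line comment above the declaration stating the argument order would be the lighter alternative.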
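Review bot: `max_in_mem_size` is added to the got_object_raw_alloc() definition in lib/object.c without a comment saying what it bounds or what state the object is left in when the bound is exceeded. The commit message says callers were confused about whether the object had been mapped, so the contract is worth stating above the definition, for example `/* Map the file at *outfd only if the total size is at most max_in_mem_size; larger objects are left unmapped. */`. The function body continues outside this hunk, so the wording for the unmapped case should be checked against the code there.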
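Review bot: The new condition `tot <= max_in_mem_size` in the second lib/object.c hunk compares an `off_t` with a `size_t`, and it is only correct because `tot > 0` is tested first; without that guard a negative `tot` would convert to a large unsigned value on platforms where the two types have the same width. Making the conversion explicit removes the dependence on operand order and keeps sign-compare warnings quiet: `if (tot > 0 && (uintmax_t)tot <= max_in_mem_size) {`. How `tot` is computed is outside this hunk; if it is a sum of `hdrlen` and `size`, that is the place to reject a wrapped or negative total before it is used as the mmap() length.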
@@ -311,7 +311,8 @@ got_object_raw_open(struct got_raw_object **obj, int * goto done; }
- err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+ err = got_object_raw_alloc(obj, outbuf, outfd,
+ GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 if (err) goto done;
blob - 6f73aedbe642980b4fa794ca183e7f24c6239c85
blob + 86db216cc1bca6e3651b62b90bb2d68c238065dd
--- lib/object_open_privsep.c
+++ lib/object_open_privsep.c
@@ -509,7 +509,8 @@ got_object_raw_open(struct got_raw_object **obj, int * goto done; }
- err = got_object_raw_alloc(obj, outbuf, outfd, hdrlen, size);
+ err = got_object_raw_alloc(obj, outbuf, outfd,
+ GOT_DELTA_RESULT_SIZE_CACHED_MAX, hdrlen, size);
 if (err) goto done;
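Review bot: Both got_object_raw_open() call sites (this one in lib/object_open_io.c and the identical hunk in lib/object_open_privsep.c) pass `GOT_DELTA_RESULT_SIZE_CACHED_MAX` with nothing tying it to the code that decided whether the object was placed in `outbuf` or written to the file behind `outfd`. That decision is outside the hunk; if it uses the same constant, a short comment at the call such as `/* must match the limit used when the raw object was read */` would keep the two from drifting apart, which is the kind of mismatch the commit message describes. The enclosing function starts and ends outside the hunk.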