manifest: avoid corruption by dropping removed files with pure (issue5801)
Previously, removed files would simply be marked by overwriting the first byte
with NUL and dropping their entry in `self.position`. But no effort was made to
ignore them when compacting the dictionary into text form. This allowed them to
slip into the manifest revision, since the code seems to be trying to minimize
the string operations by copying as large a chunk as possible. As part of this,
compact() walks the existing text based on entries in the `positions` list, and
consumed everything up to the next position entry. This typically resulted in
a ValueError complaining about unsorted manifest entries.
Sometimes it seems that files do get dropped in large repos- it seems to
correspond to there being a new entry that would take the same slot. A much
more trivial problem is that if the only changes were removals, `_compact()`
didn't even run because `__delitem__` doesn't add anything to `self.extradata`.
Now there's an explicit variable to flag this, both to allow `_compact()` to
run, and to avoid searching the manifest in cases where there are no removals.
In practice, this behavior was mostly obscured by the check in fastdelta() which
takes a different path that explicitly drops removed files if there are fewer
than 1000 changes. However, timeless has a repo where after rebasing tens of
commits, a totally different path[1] is taken that bypasses the change count
check and hits this problem.
[1] https://www.mercurial-scm.org/repo/hg/file/2338bdea4474/mercurial/manifest.py#l1511
--- a/mercurial/manifest.py Thu May 23 21:39:19 2019 -0400
+++ b/mercurial/manifest.py Thu May 23 21:54:24 2019 -0400
@@ -126,17 +126,20 @@
return (a > b) - (a < b)
class _lazymanifest(object):
- def __init__(self, data, positions=None, extrainfo=None, extradata=None):
+ def __init__(self, data, positions=None, extrainfo=None, extradata=None,
+ hasremovals=False):
if positions is None:
self.positions = self.findlines(data)
self.extrainfo = [0] * len(self.positions)
self.data = data
self.extradata = []
+ self.hasremovals = False
else:
self.positions = positions[:]
self.extrainfo = extrainfo[:]
self.extradata = extradata[:]
self.data = data
+ self.hasremovals = hasremovals
def findlines(self, data):
if not data:
@@ -244,6 +247,7 @@
self.extrainfo = self.extrainfo[:needle] + self.extrainfo[needle + 1:]
if cur >= 0:
self.data = self.data[:cur] + '\x00' + self.data[cur + 1:]
+ self.hasremovals = True
def __setitem__(self, key, value):
if not isinstance(key, bytes):
@@ -279,11 +283,11 @@
def copy(self):
# XXX call _compact like in C?
return _lazymanifest(self.data, self.positions, self.extrainfo,
- self.extradata)
+ self.extradata, self.hasremovals)
def _compact(self):
# hopefully not called TOO often
- if len(self.extradata) == 0:
+ if len(self.extradata) == 0 and not self.hasremovals:
return
l = []
i = 0
@@ -298,6 +302,16 @@
i += 1
if i == len(self.positions) or self.positions[i] < 0:
break
+
+ # A removed file has no positions[] entry, but does have an
+ # overwritten first byte. Break out and find the end of the
+ # current good entry/entries if there is a removed file
+ # before the next position.
+ if (self.hasremovals
+ and self.data.find('\n\x00', cur,
+ self.positions[i]) != -1):
+ break
+
offset += self.positions[i] - cur
cur = self.positions[i]
end_cut = self.data.find('\n', cur)
@@ -316,6 +330,7 @@
offset += len(l[-1])
i += 1
self.data = ''.join(l)
+ self.hasremovals = False
self.extradata = []
def _pack(self, d):
--- a/tests/test-manifest.t Thu May 23 21:39:19 2019 -0400
+++ b/tests/test-manifest.t Thu May 23 21:54:24 2019 -0400
@@ -219,7 +219,7 @@
> manifest = $TESTTMP/manifest.py
> EOF
-BROKEN: Pure removes should actually remove all dropped entries
+Pure removes should actually remove all dropped entries
$ hg init repo
$ cd repo
@@ -239,32 +239,25 @@
$ hg debugdata -m 1
a.txt\x00b789fdd96dc2f3bd229c1dd8eedf0fc60e2b68e3 (esc)
aa.txt\x00a4bdc161c8fbb523c9a60409603f8710ff49a571 (esc)
- \x00.txt\x001e88685f5ddec574a34c70af492f95b6debc8741 (esc) (pure !)
c.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
cc.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
ccc.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
- \x00.txt\x001e88685f5ddec574a34c70af492f95b6debc8741 (esc) (pure !)
e.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
- $ hg up -C . 2>&1 | grep ValueError || true
- raise ValueError("Manifest lines not in sorted order.") (pure !)
- ValueError: Manifest lines not in sorted order. (pure !)
+ $ hg up -qC .
- $ hg verify || true
+ $ hg verify
checking changesets
checking manifests
- manifest@1: reading delta c1f6b2f803ac: Non-hexadecimal digit found (pure !)
crosschecking files in changesets and manifests
checking files
checked 2 changesets with 8 changes to 8 files
- 1 integrity errors encountered! (pure !)
- (first damaged changeset appears to be 1) (pure !)
$ hg rollback -q --config ui.rollback=True
$ hg rm b.txt d.txt
$ echo bb > bb.txt
-BROKEN: A mix of adds and removes should remove all dropped entries.
+A mix of adds and removes should remove all dropped entries.
$ hg ci -Aqm 'remove b and d; add bb'
@@ -275,20 +268,11 @@
c.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
cc.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
ccc.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
- \x00.txt\x001e88685f5ddec574a34c70af492f95b6debc8741 (esc) (pure !)
e.txt\x00149da44f2a4e14f488b7bd4157945a9837408c00 (esc)
- $ hg up -C . 2>&1 | grep ValueError || true
- raise ValueError("Manifest lines not in sorted order.") (pure !)
- ValueError: Manifest lines not in sorted order. (pure !)
-
- $ hg verify || true
+ $ hg verify
checking changesets
checking manifests
- manifest@1: reading delta 0a0385480090: Manifest lines not in sorted order. (pure !)
crosschecking files in changesets and manifests
- bb.txt@1: in changeset but not in manifest (pure !)
checking files
checked 2 changesets with 9 changes to 9 files
- 2 integrity errors encountered! (pure !)
- (first damaged changeset appears to be 1) (pure !)