Stefan Fuhrmann <stefan.fuhrm...@wandisco.com> writes: > On Mon, Jul 30, 2012 at 12:40 PM, Philip Martin > <philip.mar...@wandisco.com>wrote: > >> When the commit process finds a representation in the rep-cache the only >> sanity check that happens is that the revision must be less than or >> equal to HEAD. We don't check that the offset is valid: >> >> echo foo > foo >> svnadmin create repo >> svn import -mm foo file://`pwd`/repo/A/f >> sqlite3 repo/db/rep-cache.db "update rep_cache set offset = 4" >> svn import -mm foo file://`pwd`/repo/A/g >> >> or that the checksum at that offset matches: >> >> echo foo > foo >> echo bar > bar >> svnadmin create repo >> svn import -mm foo file://`pwd`/repo/A/f >> sqlite3 repo/db/rep-cache.db "update rep_cache set >> hash='e242ed3bffccdf271b7fbaf34ed72d089537b42f'" >> svn import -mm bar file://`pwd`/repo/A/g >> >> In both cases corruption in the rep-cache leads to corruption in the >> revision files but that corruption is not detected by commit process >> even though subsequent checkouts will fail. >> > > Has that kind of corruption been observed in the wild?
I'm not aware of any reports. I did start looking at this because of a repository with an incorrect offset referring to an older revision file but that now appears to be a different problem. >> Should we do more sanity checking? We are using rep-cache to discard >> data supplied by the client on the basis that it is already present in >> the repository. Should we check that the offset really is a representation >> with the expected checksum? >> > > The full verification would look like this: > * recursively enumerate all noderevs in the rep's revision > * check that at least one uses the rep > * read the rep and verify the checksum > > This seems quite costly to do during commit - in particular during > imports and similar mass commit operations. On commit we would only want to verify that a revision/offset obtained from the cache really was a representation. I suppose we might want to construct the full-text corresponding to the representation to verify the checksum. We do not need to verify the whole revision or the whole rep-cache. -- Certified & Supported Apache Subversion Downloads: http://www.wandisco.com/subversion/download
