containers
/
storage
mirror of https://github.com/containers/storage.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chunked: prevent reuse of chunkedDiffer 

The chunkedDiffer object holds state and resources that are managed
within a single ApplyDiff call.  Reusing the same differ instance for
multiple ApplyDiff calls could lead to incorrect state or errors related
to already-closed resources.

Add a flag and check to ensure ApplyDiff cannot be called more than
once on the same chunkedDiffer instance, making its usage pattern explicit
and preventing potential misuse.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2025-04-29 22:01:29 +02:00
parent 65b1dc9e06
commit 719ebe0f4c
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/chunked/storage_linux.go
View File

@ -108,6 +108,7 @@ type chunkedDiffer struct {
zstdReader *zstd.Decoder
rawReader io.Reader
useFsVerity graphdriver.DifferFsVerity
used bool // the differ object was already used and cannot be used again for .ApplyDiff
}
var xattrsToIgnore = map[string]any{
@ -1388,6 +1389,11 @@ func typeToOsMode(typ string) (os.FileMode, error) {
}
func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, differOpts *graphdriver.DifferOptions) (graphdriver.DriverWithDifferOutput, error) {
if c.used {
return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("internal error: chunked differ already used")
}
c.used = true
defer c.layersCache.release()
defer func() {
if c.zstdReader != nil {