From 719ebe0f4c6574dbf9b6f52b1ba8a4507bdf7809 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 29 Apr 2025 22:01:29 +0200
Subject: [PATCH] chunked: prevent reuse of chunkedDiffer
The chunkedDiffer object holds state and resources that are managed within a single ApplyDiff call. Reusing the same differ instance for multiple ApplyDiff calls could lead to incorrect state or errors related to already-closed resources. Add a flag and check to ensure ApplyDiff cannot be called more than once on the same chunkedDiffer instance, making its usage pattern explicit and preventing potential misuse.
Signed-off-by: Giuseppe Scrivano
---
 pkg/chunked/storage_linux.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pkg/chunked/storage_linux.go b/pkg/chunked/storage_linux.go
index d10f6798d..64631e786 100644
--- a/pkg/chunked/storage_linux.go
+++ b/pkg/chunked/storage_linux.go
@@ -108,6 +108,7 @@ type chunkedDiffer struct {
 zstdReader *zstd.Decoder
 rawReader io.Reader
 useFsVerity graphdriver.DifferFsVerity
+ used bool // the differ object was already used and cannot be used again for .ApplyDiff
 }
 var xattrsToIgnore = map[string]any{
@@ -1388,6 +1389,11 @@ func typeToOsMode(typ string) (os.FileMode, error) {
 }
 func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, differOpts *graphdriver.DifferOptions) (graphdriver.DriverWithDifferOutput, error) {
+ if c.used {
+ return graphdriver.DriverWithDifferOutput{}, fmt.Errorf("internal error: chunked differ already used")
+ }
+ c.used = true
+ defer c.layersCache.release()
 defer func() {
 if c.zstdReader != nil {
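Review bot: The single-use guard at the top of ApplyDiff is a plain read-then-write of `c.used`, so two goroutines calling ApplyDiff on the same chunkedDiffer at the same time could both pass the check; whether any caller can do that is not visible from these hunks. If it can happen, declaring the field in the struct hunk as `used atomic.Bool` (from `sync/atomic`) and testing `if !c.used.CompareAndSwap(false, true) {` closes the window; if not, a doc comment on ApplyDiff saying the differ is single-use and not safe for concurrent calls would state the contract. The early return also has to stay above `defer c.layersCache.release()` so that a rejected call does not release anything a second time, and a comment such as `// must precede the defers: a rejected call must not release resources again` would protect that ordering from later edits. ApplyDiff's body continues past the end of the hunk.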