operations: Validate object type before updating file
I discovered a critical bug in the UserCommitFiles RPC where updating a file using a path that points to a directory instead of a regular file causes repository corruption.
Reproduction steps using the GitLab API:
$ curl --request PUT --header "PRIVATE-TOKEN: ******" "https://gitlab.com/api/v4/projects/blanet-xx%2Fdemo/repository/files/path%2Fto?branch=test-repo&content=hello&commit_message=demo"
The API returns a 200 OK response:
{"file_path":"path/to","branch":"test-repo"}
However, cloning the repository afterward results in errors indicating corruption:
$ git clone git@gitlab.com:blanet-xx/demo.git
Cloning into 'demo'...
remote: error: Object b6fc4c620b67d95f953a5c1c1230aaab5db5a1b0 not a tree
remote: fatal: bad tree object b6fc4c620b67d95f953a5c1c1230aaab5db5a1b0
remote: error executing git hook
remote: aborting due to possible repository corruption on the remote side.
fatal: early EOF
error: git upload-pack: git-pack-objects died with error.
fatal: git upload-pack: aborting due to possible repository corruption on the remote side.
fatal: fetch-pack: invalid index-pack output
After some digging I found that the RPC lacks the necessary validation of the object type before calling root.Modify, which blindly overwrites the OID when a matching Path is found.
And the fix is straightforward: let's add an object type validation before the tree modification.
Edited by Xing Xin
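A minimal Go model of the failure described above, added here as an illustration and not taken from Gitaly: `Entry`, `lookup`, `updateFile`, `demo` and the OID strings are all hypothetical. Without the type check, updating `path/to` leaves a tree entry pointing at a blob, which is the state behind the "not a tree" error on clone; with the check the update is rejected and the tree is untouched.

```go
package main

import (
	"fmt"
	"strings"
)

// Entry is a simplified tree entry; every name and OID here is hypothetical.
type Entry struct {
	Name     string
	IsTree   bool   // true when the entry is a directory (tree)
	OID      string // object the entry points at
	Children []*Entry
}

// lookup walks the remaining path components down from e.
func lookup(e *Entry, parts []string) *Entry {
	if len(parts) == 0 {
		return e
	}
	for _, c := range e.Children {
		if c.Name == parts[0] {
			return lookup(c, parts[1:])
		}
	}
	return nil
}

// updateFile sets the OID at path; validate=false overwrites any match, even a tree.
func updateFile(root *Entry, path, blobOID string, validate bool) error {
	e := lookup(root, strings.Split(path, "/"))
	if e == nil || (validate && e.IsTree) {
		return fmt.Errorf("%q is not an existing regular file", path)
	}
	e.OID = blobOID
	return nil
}

// demo builds the constructed tree path/to/file.txt and updates "path/to".
func demo(validate bool) (*Entry, error) {
	to := &Entry{Name: "to", IsTree: true, OID: "tree-to", Children: []*Entry{{Name: "file.txt", OID: "blob-1"}}}
	root := &Entry{IsTree: true, Children: []*Entry{{Name: "path", IsTree: true, OID: "tree-path", Children: []*Entry{to}}}}
	return to, updateFile(root, "path/to", "blob-new", validate)
}

func main() {
	e, err := demo(true)
	fmt.Println(e.IsTree, e.OID, err)
}
```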