From d3cfc1932e71994ec866f6bea67615c58878f952 Mon Sep 17 00:00:00 2001
From: Runxi Yu
Date: Sat, 28 Mar 2026 16:13:55 +0000
Subject: object/store/packed: Expect length and verify Adler-32

---
 object/store/packed/entry_inflate.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'object/store/packed/entry_inflate.go')

diff --git a/object/store/packed/entry_inflate.go b/object/store/packed/entry_inflate.go
index 1c3943e9..f79d86c0 100644
--- a/object/store/packed/entry_inflate.go
+++ b/object/store/packed/entry_inflate.go
@@ -7,6 +7,7 @@ import (
 "math"

 "codeberg.org/lindenii/furgit/internal/compress/zlib"
+ "codeberg.org/lindenii/furgit/internal/iolimit"
 )

 // zlibReaderAt opens a zlib reader starting at data offset within pack.
@@ -36,6 +37,7 @@ func inflateAt(pack *packFile, offset int, expectedSize int64) ([]byte, error) {
 )
 }

+ reader := iolimit.ExpectLengthReader(reader, expectedSize)
 body := make([]byte, int(expectedSize))

 _, err := io.ReadFull(reader, body)
@@ -43,6 +45,13 @@ func inflateAt(pack *packFile, offset int, expectedSize int64) ([]byte, error) {
 return nil, err
 }

+ var probe [1]byte
+
+ _, err = reader.Read(probe[:])
+ if err != nil && err != io.EOF {
+ return nil, err
+ }
+
 return body, nil
 }

-- 
cgit v1.3.1-10-gc9f91
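Review bot: In the second hunk, `reader := iolimit.ExpectLengthReader(reader, expectedSize)` reuses the name `reader` with `:=`, while the declaration of the original `reader` lies outside the hunk. Depending on where that declaration sits, this either shadows an outer variable or, if both are in the same scope, does not compile. A distinct name makes the wrapping explicit: `limited := iolimit.ExpectLengthReader(reader, expectedSize)`, with `io.ReadFull(limited, body)` and the later probe read switched to `limited`. A one-line comment stating what the wrapper returns when the stream is shorter or longer than `expectedSize` would also help, since the end-of-stream check in the third hunk relies on it.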
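Review bot: The probe read in the third hunk accepts `err == nil` and discards the byte count, so when `reader.Read(probe[:])` returns without `io.EOF` the function still returns `body`. In that case the end of the stream has not been observed, and presumably neither has the Adler-32 trailer check the subject line refers to. Unless `iolimit.ExpectLengthReader` (not shown here) guarantees an error for any byte past `expectedSize`, an over-long or unterminated entry would pass. To fail closed, keep the count with `n, err := reader.Read(probe[:])` and, after the existing non-EOF check, add `if n != 0 || err == nil { return nil, errTrailingData }`, where `errTrailingData` is a suggested new sentinel rather than an existing name. inflateAt's body starts outside the hunk.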