All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrey Okoshkin <a.okoshkin@samsung.com>
To: git@vger.kernel.org
Cc: peff@peff.net, pclouds@gmail.com, gitster@pobox.com,
	l.s.r@web.de, avarab@gmail.com, krh@redhat.com,
	rctay89@gmail.com, Ivan Arishchenko <i.arishchenk@samsung.com>,
	Mikhail Labiuk <m.labiuk@samsung.com>
Subject: [PATCH] commit: check result of resolve_ref_unsafe
Date: Wed, 18 Oct 2017 20:00:43 +0300	[thread overview]
Message-ID: <0e396c24-167f-901e-9122-cdc17164ec1e@samsung.com> (raw)
In-Reply-To: CGME20171018170047epcas2p4310be357e11e194d6d08ac3bdc478ba3@epcas2p4.samsung.com

Add check of the resolved HEAD reference while printing of a commit summary.
resolve_ref_unsafe() may return NULL pointer if underlying calls of lstat() or
open() fail in files_read_raw_ref().
Such situation can be caused by race: file becomes inaccessible to this moment.

Signed-off-by: Andrey Okoshkin <a.okoshkin@samsung.com>
---
Hello,
I've injected a fault to git binary with the internal tool for fault tolerance
evaluation.

lstat() or open() calls return '-1', errno is set to 'EACCES':
#0 0x6559a4 in files_read_raw_ref refs/files-backend.c:686
#1 0x642816 in refs_read_raw_ref /home/tesla/devel/repos/git/refs.c:1392
#2 0x642a69 in refs_resolve_ref_unsafe /home/tesla/devel/repos/git/refs.c:1431
#3 0x6443ce in resolve_ref_unsafe /home/tesla/devel/repos/git/refs.c:1483
#4 0x44822e in print_summary builtin/commit.c:1485
#5 0x44822e in cmd_commit builtin/commit.c:1817
#6 0x4084f5 in run_builtin /home/tesla/devel/repos/git/git.c:342
#7 0x4084f5 in handle_builtin /home/tesla/devel/repos/git/git.c:550
#8 0x40997b in run_argv /home/tesla/devel/repos/git/git.c:602
#9 0x40997b in cmd_main /home/tesla/devel/repos/git/git.c:679
#10 0x408087 in main /home/tesla/devel/repos/git/common-main.c:43

As a result git crashes silently with SIGSEGV at 'strcmp(head, "HEAD")':
#0 0x447c16 in print_summary builtin/commit.c:1486
#1 0x447c16 in cmd_commit builtin/commit.c:1817
#2 0x4084f5 in run_builtin /home/tesla/devel/repos/git/git.c:342
#3 0x4084f5 in handle_builtin /home/tesla/devel/repos/git/git.c:550
#4 0x40997b in run_argv /home/tesla/devel/repos/git/git.c:602
#5 0x40997b in cmd_main /home/tesla/devel/repos/git/git.c:679
#6 0x408087 in main /home/tesla/devel/repos/git/common-main.c:43

It seems that in a real life it's very difficult to reproduce such behaviour
because the readability of '.git' directory is checked before. But still the
NULL pointer result returned by resolve_ref_unsafe() is not checked anyhow.
That's why I'm not sure whether it's a bug or not.

Best regards,
Andrey

 builtin/commit.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/builtin/commit.c b/builtin/commit.c
index 1a0da71a4..71a58dea3 100644
--- a/builtin/commit.c
+++ b/builtin/commit.c
@@ -1483,6 +1483,8 @@ static void print_summary(const char *prefix, const struct object_id *oid,
 	diff_setup_done(&rev.diffopt);
 
 	head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL);
+	if (!head)
+		BUG("unable to resolve HEAD reference");
 	if (!strcmp(head, "HEAD"))
 		head = _("detached HEAD");
 	else
-- 
2.14.2

       reply	other threads:[~2017-10-18 17:00 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20171018170047epcas2p4310be357e11e194d6d08ac3bdc478ba3@epcas2p4.samsung.com>
2017-10-18 17:00 ` Andrey Okoshkin [this message]
2017-10-18 18:34   ` [PATCH] commit: check result of resolve_ref_unsafe Jeff King
2017-10-19  0:41     ` Junio C Hamano
2017-10-19  2:49       ` Jeff King
2017-10-19  9:33         ` Andrey Okoshkin
2017-10-19  9:36   ` [PATCH v2] " Andrey Okoshkin
2017-10-19 17:44     ` Jeff King
2017-10-19 17:46       ` [PATCH 1/4] test-ref-store: avoid passing NULL to printf Jeff King
2017-10-19 17:47       ` [PATCH 2/4] remote: handle broken symrefs Jeff King
2017-10-19 17:53         ` Jeff King
2017-10-19 17:49       ` [PATCH 3/4] log: handle broken HEAD in decoration check Jeff King
2017-10-19 17:49       ` [PATCH 4/4] worktree: handle broken symrefs in find_shared_symref() Jeff King
2017-10-21 10:49         ` Eric Sunshine
2017-10-21 19:26           ` Jeff King
2017-10-22  0:46             ` Junio C Hamano
2017-10-20 10:40       ` [PATCH v2] commit: check result of resolve_ref_unsafe Andrey Okoshkin
2017-10-20 11:03       ` [PATCH v3] " Andrey Okoshkin
2017-10-20 13:09         ` [PATCH v4] " Andrey Okoshkin
2017-10-21  6:19           ` Jeff King
2017-10-22  0:46             ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0e396c24-167f-901e-9122-cdc17164ec1e@samsung.com \
    --to=a.okoshkin@samsung.com \
    --cc=avarab@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=i.arishchenk@samsung.com \
    --cc=krh@redhat.com \
    --cc=l.s.r@web.de \
    --cc=m.labiuk@samsung.com \
    --cc=pclouds@gmail.com \
    --cc=peff@peff.net \
    --cc=rctay89@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.