All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Git Mailing List <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>
Subject: BUG: Segfault on "git pull" on "bad object HEAD"
Date: Wed, 11 Jul 2018 13:00:57 +0200	[thread overview]
Message-ID: <87k1q2c9zq.fsf@evledraar.gmail.com> (raw)

This segfaults, but should print an error instead, have a repo with a
corrupt HEAD:

    (
        rm -rf /tmp/git &&
        git clone --single-branch --branch todo git@github.com:git/git.git /tmp/git &&
        echo 1111111111111111111111111111111111111111 >/tmp/git/.git/refs/heads/todo &&
        git -C /tmp/git pull
    )

On this repository e.g. "git log" will print "fatal: bad object HEAD",
but for some reason "git pull" makes it this far:

    $ git pull
    Segmentation fault

The immediate reason is that in run_diff_index() we have this:

	ent = revs->pending.objects;

And that in this case that's NULL:

    (gdb) bt
    #0  0x000055555565993f in run_diff_index (revs=0x7fffffffcb90, cached=1) at diff-lib.c:524
    #1  0x00005555557633da in has_uncommitted_changes (ignore_submodules=1) at wt-status.c:2345
    #2  0x00005555557634c9 in require_clean_work_tree (action=0x555555798f18 "pull with rebase", hint=0x555555798efb "please commit or stash them.", ignore_submodules=1, gently=0) at wt-status.c:2370
    #3  0x00005555555dbdee in cmd_pull (argc=0, argv=0x7fffffffd868, prefix=0x0) at builtin/pull.c:885
    #4  0x000055555556c9da in run_builtin (p=0x555555a2de50 <commands+1872>, argc=1, argv=0x7fffffffd868) at git.c:417
    #5  0x000055555556cce2 in handle_builtin (argc=1, argv=0x7fffffffd868) at git.c:633
    #6  0x000055555556ce8a in run_argv (argcp=0x7fffffffd71c, argv=0x7fffffffd710) at git.c:685
    #7  0x000055555556d03f in cmd_main (argc=1, argv=0x7fffffffd868) at git.c:762
    #8  0x0000555555611786 in main (argc=3, argv=0x7fffffffd858) at common-main.c:45
    (gdb) p revs
    $4 = (struct rev_info *) 0x7fffffffcb90
    (gdb) p revs->pending
    $5 = {nr = 0, alloc = 0, objects = 0x0}
    (gdb)

This has been an issue since at least v2.8.0 (didn't test back
further). I'm not familiar with the status / diff code, so I'm not sure
where the assertion should be added.

This came up in the wild due to a user with a corrupt repo (don't know
how it got corrupt) trying "git pull" and seeing git segfault.

             reply	other threads:[~2018-07-11 11:01 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-11 11:00 Ævar Arnfjörð Bjarmason [this message]
2018-07-11 13:34 ` BUG: Segfault on "git pull" on "bad object HEAD" Jeff King
2018-07-11 14:14   ` [PATCH] has_uncommitted_changes(): fall back to empty tree Jeff King
2018-07-11 14:41     ` Ævar Arnfjörð Bjarmason
2018-07-11 15:00       ` Jeff King
2018-07-11 17:09   ` BUG: Segfault on "git pull" on "bad object HEAD" Junio C Hamano
2018-07-11 15:56 ` Duy Nguyen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87k1q2c9zq.fsf@evledraar.gmail.com \
    --to=avarab@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.