Re: git-core: try_to_follow_renames(): git killed by SIGSEGV

From: Ondrej Pohorelsky <opohorel@redhat.com>
To: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Cc: git@vger.kernel.org, "SZEDER Gábor" <szeder.dev@gmail.com>
Subject: Re: git-core: try_to_follow_renames(): git killed by SIGSEGV
Date: Tue, 10 Mar 2020 13:07:55 +0100	[thread overview]
Message-ID: <CA+B51BErxp0Nzcc=1Ress4tbDmKYmcCqUyC-fmD+8O8KdaZLZQ@mail.gmail.com> (raw)
In-Reply-To: <3c722d21-ee57-7d20-81fb-0399f02f1bc7@syntevo.com>

Thank you for your further analyzation and explanation.

I would love to make a patch for this bug, but sadly
I'm not fully aware of what is going on in this functions
and how they are affecting other git functionality.

I hope @szeder can look into this bug and provide more explanation
as he knows this code best.

Best regards,
Ondřej Pohořelský

On Fri, Mar 6, 2020 at 3:58 PM Alexandr Miloslavskiy
<alexandr.miloslavskiy@syntevo.com> wrote:
>
> Since I like studying crashes and noone else replied, I decided to have
> a look.
>
> The problem is easy to reproduce with this (replace 1.c with any file):
>    git log --follow -L 1,1:1.c -- 1.c
>
> It occurs because `opt->pathspec.items` gets cleaned here:
>      clear_pathspec
>      queue_diffs
>          /* must look at the full tree diff to detect renames */
>          clear_pathspec(&opt->pathspec);
>          DIFF_QUEUE_CLEAR(&diff_queued_diff);
>      process_ranges_ordinary_commit
>      process_ranges_arbitrary_commit
>      line_log_filter
>      prepare_revision_walk
>      cmd_log_walk
>      cmd_log
>
> And on next iteration it crashes in 'try_to_follow_renames' on this line:
>      diff_opts.single_follow = opt->pathspec.items[0].match;
>
> I think that bug comes from commit:
>      a2bb801f by SZEDER Gábor, 2019-08-21 13:04:24
>      line-log: avoid unnecessary full tree diffs
>
> @szeder could you please look into that?
>
> On 27.02.2020 13:56, Ondrej Pohorelsky wrote:
> > Hi,
> >
> > there is a SIGSEGV appearing in Fedora[0] with Git 2.24.1
> >
> > This bug started to appear after update to Git 2.24.1.
> > Bug reporter said that Git crashed on him while running VS Code with
> > Git Lens extension[1]
> > I have tried to reproduce this bug with my own compiled Git with debug
> > flags, but sadly SIGSEGV never appeared.
> >
> > To me it seems like there is a problem in commit a2bb801f6a[2] which
> > changes move_diff_queue() function. This function calls
> > diff_tree_oid() that calls try_to_follow_renames(). In the last two
> > functions there are no arguments checks.
> >
> > Best regards,
> > Ondřej Pohořelský
> >
> > [0] https://retrace.fedoraproject.org/faf/problems/bthash/?bth=25aa7d7267ab5de548ffca337115cb68f7b65105
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1791810
> > [2] https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2bb801f6a430f6049e5c9729a8f3bf9097d9b34
> >
>