Re: BUG: Segfault on "git pull" on "bad object HEAD"

From: Duy Nguyen <pclouds@gmail.com>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: Git Mailing List <git@vger.kernel.org>,
	Junio C Hamano <gitster@pobox.com>
Subject: Re: BUG: Segfault on "git pull" on "bad object HEAD"
Date: Wed, 11 Jul 2018 17:56:56 +0200	[thread overview]
Message-ID: <CACsJy8BM7zJxgeM37YQ4Yh4bH=4iS5CJ2P_-4Vm3oA+cuQYkJA@mail.gmail.com> (raw)
In-Reply-To: <87k1q2c9zq.fsf@evledraar.gmail.com>

On Wed, Jul 11, 2018 at 1:02 PM Ævar Arnfjörð Bjarmason
<avarab@gmail.com> wrote:
>
> This segfaults, but should print an error instead, have a repo with a
> corrupt HEAD:
>
>     (
>         rm -rf /tmp/git &&
>         git clone --single-branch --branch todo git@github.com:git/git.git /tmp/git &&
>         echo 1111111111111111111111111111111111111111 >/tmp/git/.git/refs/heads/todo &&
>         git -C /tmp/git pull
>     )
>
> On this repository e.g. "git log" will print "fatal: bad object HEAD",
> but for some reason "git pull" makes it this far:
>
>     $ git pull
>     Segmentation fault
>
> The immediate reason is that in run_diff_index() we have this:
>
>         ent = revs->pending.objects;
>
> And that in this case that's NULL:

Probably because add_head_to_pending() in has_uncommitted_change()
does not add anything to the "pending" list because HEAD is broken.

I think if we make add_head_to_pending() return a boolean, then we can
check that if no HEAD is added, there's no point to run_diff_index and
has_uncommitted_changes() can return 0 immediately.

A new BUG() could still be added in run_diff_index() though, to check
if revs->pending.nr is non-zero before attempting to access
revs->pending.objects.

>
>     (gdb) bt
>     #0  0x000055555565993f in run_diff_index (revs=0x7fffffffcb90, cached=1) at diff-lib.c:524
>     #1  0x00005555557633da in has_uncommitted_changes (ignore_submodules=1) at wt-status.c:2345
>     #2  0x00005555557634c9 in require_clean_work_tree (action=0x555555798f18 "pull with rebase", hint=0x555555798efb "please commit or stash them.", ignore_submodules=1, gently=0) at wt-status.c:2370
>     #3  0x00005555555dbdee in cmd_pull (argc=0, argv=0x7fffffffd868, prefix=0x0) at builtin/pull.c:885
>     #4  0x000055555556c9da in run_builtin (p=0x555555a2de50 <commands+1872>, argc=1, argv=0x7fffffffd868) at git.c:417
>     #5  0x000055555556cce2 in handle_builtin (argc=1, argv=0x7fffffffd868) at git.c:633
>     #6  0x000055555556ce8a in run_argv (argcp=0x7fffffffd71c, argv=0x7fffffffd710) at git.c:685
>     #7  0x000055555556d03f in cmd_main (argc=1, argv=0x7fffffffd868) at git.c:762
>     #8  0x0000555555611786 in main (argc=3, argv=0x7fffffffd858) at common-main.c:45
>     (gdb) p revs
>     $4 = (struct rev_info *) 0x7fffffffcb90
>     (gdb) p revs->pending
>     $5 = {nr = 0, alloc = 0, objects = 0x0}
>     (gdb)
>
> This has been an issue since at least v2.8.0 (didn't test back
> further). I'm not familiar with the status / diff code, so I'm not sure
> where the assertion should be added.
>
> This came up in the wild due to a user with a corrupt repo (don't know
> how it got corrupt) trying "git pull" and seeing git segfault.

-- 
Duy