Re: [PATCH] bisect--helper: avoid segfault with bad syntax in start --term-.+

From: Junio C Hamano <gitster@pobox.com>
To: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>
Cc: git@vger.kernel.org, pranit.bauva@gmail.com
Subject: Re: [PATCH] bisect--helper: avoid segfault with bad syntax in start --term-.+
Date: Wed, 20 May 2020 13:20:16 -0700	[thread overview]
Message-ID: <xmqqimgquznj.fsf@gitster.c.googlers.com> (raw)
In-Reply-To: <20200520195214.62655-1-carenas@gmail.com> ("Carlo Marcelo Arenas =?utf-8?Q?Bel=C3=B3n=22's?= message of "Wed, 20 May 2020 12:52:14 -0700")

Carlo Marcelo Arenas Belón  <carenas@gmail.com> writes:

> 06f5608c14 (bisect--helper: `bisect_start` shell function partially in C,
> 2019-01-02) adds a lax parser for `git bisect start` which could result
> in a segfault under a bad syntax call.
>
> Detect if they are enough arguments left in the command line to use for
> --term-{old,good,new,bad} and throw the same syntax error the old shell
> script will show if not.

Thanks for a quick discovery and fix.  The bug is more than a year
old---I guess nobody uses custom bisect terms?

> While at it, remove and unnecessary (and incomplete) check for unknown
> arguments.
>
> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
> ---
>  builtin/bisect--helper.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c
> index c1c40b516d..37db7d2afa 100644
> --- a/builtin/bisect--helper.c
> +++ b/builtin/bisect--helper.c
> @@ -455,6 +455,8 @@ static int bisect_start(struct bisect_terms *terms, int no_checkout,
>  			no_checkout = 1;
>  		} else if (!strcmp(arg, "--term-good") ||
>  			 !strcmp(arg, "--term-old")) {
> +			if (argc - i <= 1)
> +				return error(_("'' is not a valid term"));
>  			must_write_terms = 1;
>  			free((void *) terms->term_good);
>  			terms->term_good = xstrdup(argv[++i]);

As the variable that counts up in the loop is "i", it is easier to
make the condition about "i", not about "difference between argc and
i", e.g.

			if (argc - 1 <= i)
				return error(...)

i.e. "The variable 'i' approached from 0 toward argc, and it went
past (argc - 1) already."  I used "<=" so that "went past" is more
obvious (i.e. imagine a number-line where things on the left hand
side are smaller than things on the right hand side).

I think incrementing 'i' upfront, once we know we want to read one
more from argv[], may make it even easier to read:

		} else if (... this is about term-good or term-old ...) {
			i++;
			if (argc <= i)
				return error(... missing arg ...);
			...
			terms->term_good = xstrdup(argv[i]);

The same comment applies to the handling of bad/new.

Thanks.