From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: Emily Shaffer <emilyshaffer@google.com>, git@vger.kernel.org
Subject: Re: [RFC PATCH] unpack-trees: watch for out-of-range index position
Date: Wed, 08 Jan 2020 09:30:36 -0800 [thread overview]
Message-ID: <xmqqeew93lfn.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <20200108071525.GB1675456@coredump.intra.peff.net> (Jeff King's message of "Wed, 8 Jan 2020 02:15:25 -0500")
Jeff King <peff@peff.net> writes:
> On Tue, Jan 07, 2020 at 06:31:27PM -0800, Emily Shaffer wrote:
>
>> This issue came in via a bugreport from a user who had done some nasty
>> things like deleting various files in .git/ (and then couldn't remember
>> how they had done it). The concern was primarily that a segfault is ugly
>> and scary, and possibly dangerous; I didn't see much problem with
>> checking for index-out-of-range if the result is a fatal error
>> regardless.
>>
>> [...]
>> if (pos >= 0)
>> BUG("This is a directory and should not exist in index");
>> pos = -pos - 1;
>> - if (!starts_with(o->src_index->cache[pos]->name, name.buf) ||
>> + if (pos >= o->src_index->cache_nr ||
>> + !starts_with(o->src_index->cache[pos]->name, name.buf) ||
>> (pos > 0 && starts_with(o->src_index->cache[pos-1]->name, name.buf)))
>> - BUG("pos must point at the first entry in this directory");
>> + BUG("pos %d doesn't point to the first entry of %s in index",
>> + pos, name.buf);
>
> The new condition you added looks correct to me. I suspect this BUG()
> should not be a BUG() at all, though. It's not necessarily a logic error
> inside Git, but as you showed it could indicate corrupt data we read
> from disk. The true is probably same of the "pos >= 0" condition checked
> above.
It does not sound like a BUG to me, either, but the new condition
does look correct to me, too. We can turn it into die() later if
somebody truly cares ;-)
Thanks, both. Will queue.
> It's mostly an academic distinction, though, as I think it would be
> pretty reasonable for now to just die() here (eventually, though, we
> might want to turn it into an error return).
>
> -Peff
next prev parent reply other threads:[~2020-01-08 17:30 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-08 2:31 [RFC PATCH] unpack-trees: watch for out-of-range index position Emily Shaffer
2020-01-08 7:15 ` Jeff King
2020-01-08 17:30 ` Junio C Hamano [this message]
2020-01-08 19:38 ` Emily Shaffer
2020-01-08 20:35 ` Junio C Hamano
2020-01-09 7:52 ` Jeff King
2020-01-09 22:46 ` Emily Shaffer
2020-01-10 6:37 ` Jeff King
2020-01-10 23:07 ` Emily Shaffer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqeew93lfn.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.