From: Junio C Hamano <gitster@pobox.com>
To: John Keeping <john@keeping.me.uk>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 5/5] streaming: simplify attaching a filter
Date: Tue, 18 Feb 2014 16:02:20 -0800 [thread overview]
Message-ID: <xmqq8ut8as1f.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <xmqqd2ikasbe.fsf@gitster.dls.corp.google.com> (Junio C. Hamano's message of "Tue, 18 Feb 2014 15:56:21 -0800")
Junio C Hamano <gitster@pobox.com> writes:
> John Keeping <john@keeping.me.uk> writes:
>
>> We are guaranteed that 'nst' is non-null because it is allocated with
>> xmalloc(), and in fact we rely on this three lines later by
>> unconditionally dereferencing it.
>
> The intent of the original code is for attach_stream_filter() to
> detect an error condition and return NULL, in which case it closes
> the istream it allocated and signal error to the caller, I think,
> and falling thru to use st->anything and return st when that happens
> is *not* a guarantee that a-s-f will not detect an error ever, but
> rather is a bug in the error codepath.
In other words, something like this instead.
-- >8 --
Subject: [PATCH] open_istream(): do not dereference NULL in the error case
When stream-filter cannot be attached, it is expected to return NULL,
and we should close the stream we opened and signal an error by
returning NULL ourselves from this function.
However, we attempted to dereference that NULL pointer between the
point we detected the error and returned from the function.
Brought-to-attention-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
streaming.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/streaming.c b/streaming.c
index d7c9f32..2ff036a 100644
--- a/streaming.c
+++ b/streaming.c
@@ -152,8 +152,10 @@ struct git_istream *open_istream(const unsigned char *sha1,
if (filter) {
/* Add "&& !is_null_stream_filter(filter)" for performance */
struct git_istream *nst = attach_stream_filter(st, filter);
- if (!nst)
+ if (!nst) {
close_istream(st);
+ return NULL;
+ }
st = nst;
}
--
1.9.0-279-gdc9e3eb
prev parent reply other threads:[~2014-02-19 0:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-16 16:06 [PATCH 0/5] Miscellaneous fixes from static analysis John Keeping
2014-02-16 16:06 ` [PATCH 1/5] notes-utils: handle boolean notes.rewritemode correctly John Keeping
2014-02-16 16:22 ` David Kastrup
2014-02-18 7:46 ` Jeff King
2014-02-18 8:41 ` David Kastrup
2014-02-18 9:01 ` Jeff King
2014-02-18 9:36 ` David Kastrup
2014-02-16 16:06 ` [PATCH 2/5] utf8: fix iconv error detection John Keeping
2014-02-16 16:06 ` [PATCH 3/5] utf8: use correct type for values in interval table John Keeping
2014-02-16 16:06 ` [PATCH 4/5] builtin/mv: don't use memory after free John Keeping
2014-02-16 16:06 ` [PATCH 5/5] streaming: simplify attaching a filter John Keeping
2014-02-18 23:56 ` Junio C Hamano
2014-02-19 0:02 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq8ut8as1f.fsf@gitster.dls.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=john@keeping.me.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.