From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [PATCH] tag: avoid NULL pointer arithmetic
Date: Mon, 02 Oct 2017 13:13:00 +0900 [thread overview]
Message-ID: <xmqqwp4ep4qb.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <99e56671-bdf9-a59f-ae7b-758f1b7a8f14@web.de> ("René Scharfe"'s message of "Sun, 1 Oct 2017 16:45:13 +0200")
René Scharfe <l.s.r@web.de> writes:
> lookup_blob() etc. can return NULL if the referenced object isn't of the
> expected type. In theory it's wrong to reference the object member in
> that case. In practice it's OK because it's located at offset 0 for all
> types, so the pointer arithmetic (NULL + 0) is optimized out by the
> compiler. The issue is reported by Clang's AddressSanitizer, though.
>
> Avoid the ASan error by casting the results of the lookup functions to
> struct object pointers. That works fine with NULL pointers as well. We
> already rely on the object member being first in all object types in
> other places in the code.
>
> Signed-off-by: Rene Scharfe <l.s.r@web.de>
> ---
Yikes, that is tricky.
Taking the address of .object field appears to be a lot cleaner and
more kosher than casting, but from the compiler's point of view it's
quite the opposite. Sigh.
Thanks. The patch itself looks like the right solution to me.
> tag.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/tag.c b/tag.c
> index 7e10acfb6e..fcbe012f7a 100644
> --- a/tag.c
> +++ b/tag.c
> @@ -142,13 +142,13 @@ int parse_tag_buffer(struct tag *item, const void *data, unsigned long size)
> bufptr = nl + 1;
>
> if (!strcmp(type, blob_type)) {
> - item->tagged = &lookup_blob(&oid)->object;
> + item->tagged = (struct object *)lookup_blob(&oid);
> } else if (!strcmp(type, tree_type)) {
> - item->tagged = &lookup_tree(&oid)->object;
> + item->tagged = (struct object *)lookup_tree(&oid);
> } else if (!strcmp(type, commit_type)) {
> - item->tagged = &lookup_commit(&oid)->object;
> + item->tagged = (struct object *)lookup_commit(&oid);
> } else if (!strcmp(type, tag_type)) {
> - item->tagged = &lookup_tag(&oid)->object;
> + item->tagged = (struct object *)lookup_tag(&oid);
> } else {
> error("Unknown type %s", type);
> item->tagged = NULL;
next prev parent reply other threads:[~2017-10-02 4:13 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-01 14:45 [PATCH] tag: avoid NULL pointer arithmetic René Scharfe
2017-10-02 4:13 ` Junio C Hamano [this message]
2017-10-02 5:08 ` Jeff King
2017-10-02 13:06 ` René Scharfe
2017-10-02 19:23 ` Jeff King
2017-10-03 10:22 ` SZEDER Gábor
2017-10-03 12:51 ` René Scharfe
2017-10-03 13:47 ` [PATCH] fsck: check results of lookup_blob() and lookup_tree() for NULL René Scharfe
2017-10-04 4:00 ` Junio C Hamano
2017-10-05 19:41 ` René Scharfe
2017-10-05 19:41 ` [PATCH v2] fsck: handle NULL return of lookup_blob() and lookup_tree() René Scharfe
2017-10-06 2:23 ` Junio C Hamano
2017-10-06 16:21 ` René Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqwp4ep4qb.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.