From: Matthieu Moy <Matthieu.Moy@imag.fr>
To: git@vger.kernel.org, gitster@pobox.com
Cc: Matthieu Moy <Matthieu.Moy@imag.fr>
Subject: [PATCH] sha1_name: fix segfault caused by invalid index access
Date: Sun, 28 Feb 2010 17:38:42 +0100 [thread overview]
Message-ID: <1267375122-13039-1-git-send-email-Matthieu.Moy@imag.fr> (raw)
In-Reply-To: <vpq7hpxl4cp.fsf@bauges.imag.fr>
009fee477 (Detailed diagnosis when parsing an object name fails,
2009-12-07) introduced some invalid index access, inspired by the code of
get_sha1_with_mode_1, which loops over the index entries having the same
name. In the diagnosis, we just want to find whether one entry with the
name is in the index, which is the case iff cache_name_pos's return value
is positive.
Trying anything complex on negative value is not only useless, but also
buggy here, since pos could end up being greater than active_nr, causing
a segfault in active_cache[pos]. This is always the case in bare
repositories, and happens when calling "git show :inexistant" if
"inexistant" is greater than the last index entry in alphabetical order.
Bug report and initial fix by Markus Heidelberg
<markus.heidelberg@web.de>.
Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
---
sha1_name.c | 16 ++++++----------
1 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/sha1_name.c b/sha1_name.c
index 43884c6..fbbe3b4 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -990,15 +990,13 @@ static void diagnose_invalid_index_path(int stage,
/* Wrong stage number? */
pos = cache_name_pos(filename, namelen);
- if (pos < 0)
- pos = -pos - 1;
- ce = active_cache[pos];
- if (ce_namelen(ce) == namelen &&
- !memcmp(ce->name, filename, namelen))
+ if (pos >= 0) {
+ ce = active_cache[pos];
die("Path '%s' is in the index, but not at stage %d.\n"
"Did you mean ':%d:%s'?",
filename, stage,
ce_stage(ce), filename);
+ }
/* Confusion between relative and absolute filenames? */
fullnamelen = namelen + strlen(prefix);
@@ -1006,15 +1004,13 @@ static void diagnose_invalid_index_path(int stage,
strcpy(fullname, prefix);
strcat(fullname, filename);
pos = cache_name_pos(fullname, fullnamelen);
- if (pos < 0)
- pos = -pos - 1;
- ce = active_cache[pos];
- if (ce_namelen(ce) == fullnamelen &&
- !memcmp(ce->name, fullname, fullnamelen))
+ if (pos >= 0) {
+ ce = active_cache[pos];
die("Path '%s' is in the index, but not '%s'.\n"
"Did you mean ':%d:%s'?",
fullname, filename,
ce_stage(ce), fullname);
+ }
if (!lstat(filename, &st))
die("Path '%s' exists on disk, but not in the index.", filename);
--
1.7.0.231.g97960.dirty
next prev parent reply other threads:[~2010-02-28 16:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-28 15:49 [PATCH] sha1_name: fix segfault caused by invalid index access Markus Heidelberg
2010-02-28 16:20 ` Matthieu Moy
2010-02-28 16:38 ` Matthieu Moy [this message]
2010-02-28 18:13 ` Junio C Hamano
2010-02-28 16:25 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1267375122-13039-1-git-send-email-Matthieu.Moy@imag.fr \
--to=matthieu.moy@imag.fr \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).