From: Junio C Hamano <gitster@pobox.com>
To: Nicolas Pitre <nico@cam.org>
Cc: git@vger.kernel.org
Subject: Re: [BUG] commit walk machinery is dangerous !
Date: Mon, 14 Jul 2008 16:32:45 -0700 [thread overview]
Message-ID: <7vod50dote.fsf@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <alpine.LFD.1.10.0807141904250.12484@xanadu.home> (Nicolas Pitre's message of "Mon, 14 Jul 2008 19:08:59 -0400 (EDT)")
Nicolas Pitre <nico@cam.org> writes:
> It is those with semantic meaning (e.g. object doesn't exist) which
> should be audited, especially if used in the context of repository
> modification, which pretty much limits it to the test case I produced.
I've been wondering if we should make the change 8eca0b4 (implement some
resilience against pack corruptions, 2008-06-23) less aggressive.
It makes loose objects and data from other packs to be used as fallback
where we used to just punt, which is a genuine improvement for "salvaging"
mode of operation, but at the same time, it now forbids the callers to
expect that the objects they learned to exist from has_sha1_file() or
nth_packed_object_sha1() should never result NULL return value from
read_sha1_file().
It may make it safe again to fail if you cannot salvage using fallback
method after all. Something like the attached.
This is unrelated to the issue at hand, but I also notice that there are
few callsites outside sha1_file.c that bypasses cache_or_unpack_entry()
and call unpack_entry() directly. I wonder if they should be using the
cached version, making unpack_entry() static...
sha1_file.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/sha1_file.c b/sha1_file.c
index 2df78b5..55aa361 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1649,7 +1649,7 @@ static void *unpack_delta_entry(struct packed_git *p,
mark_bad_packed_object(p, base_sha1);
base = read_sha1_file(base_sha1, type, &base_size);
if (!base)
- return NULL;
+ exit(129);
}
delta_data = unpack_compressed_entry(p, w_curs, curpos, delta_size);
@@ -1946,6 +1946,8 @@ static void *read_packed_sha1(const unsigned char *sha1,
sha1_to_hex(sha1), (uintmax_t)e.offset, e.p->pack_name);
mark_bad_packed_object(e.p, sha1);
data = read_sha1_file(sha1, type, size);
+ if (!data)
+ exit(129);
}
return data;
}
next prev parent reply other threads:[~2008-07-14 23:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-14 20:54 [BUG] commit walk machinery is dangerous ! Nicolas Pitre
2008-07-14 21:55 ` Junio C Hamano
2008-07-14 23:08 ` Nicolas Pitre
2008-07-14 23:32 ` Junio C Hamano [this message]
2008-07-14 23:39 ` Nicolas Pitre
2008-07-15 1:46 ` [PATCH 1/2] restore legacy behavior for read_sha1_file() Nicolas Pitre
2008-07-15 1:50 ` [PATCH 2/2] test case for previous commit Nicolas Pitre
2008-07-15 5:12 ` [PATCH 1/2] restore legacy behavior for read_sha1_file() Nicolas Pitre
2008-07-15 5:10 ` unpack_entry (was: [BUG] commit walk machinery is dangerous !) Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vod50dote.fsf@gitster.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=nico@cam.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).