Re: [PATCH v2] branch: segfault fixes and validation

[Junio C Hamano <gitster@pobox.com>]

Nguyễn Thái Ngọc Duy  <pclouds@gmail.com> writes:

> branch_get() can return NULL (so far on detached HEAD only) but some
> code paths in builtin/branch.c cannot deal with that and cause
> segfaults. While at there, make sure we bail out when the user gives 2
> or more arguments, but we only process the first one and silently
> ignore the rest.

Explain "2 or more arguments" in what context, perhaps?  Otherwise
it makes it sound as if "git branch foo bar baz" is covered with
this patch, no?

> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
>  On Fri, Feb 22, 2013 at 12:47 AM, Junio C Hamano <gitster@pobox.com> wrote:
>  > Nguyễn Thái Ngọc Duy  <pclouds@gmail.com> writes:
>  >
>  >> branch_get() can return NULL (so far on detached HEAD only)...
>  >
>  > Do you anticipate any other cases where the API call should validly
>  > return NULL?
>  
>  No. But I do not see any guarantee that it may never do that in
>  future either. Which is why I was deliberately vague with "could not
>  figure out...". But you also correctly observed my laziness there. So
>  how about this? It makes a special case for HEAD but not insist on
>  detached HEAD as the only cause.

Sure.  It looks better.

What you can do is to have a single helper function that can explain
why branch_get() returned NULL (or extend branch_get() to serve that
purpose as well); then you do not have to duplicate the logic twice
on the caller's side (and there may be other callers that want to do
the same).

> diff --git a/builtin/branch.c b/builtin/branch.c
> index 6371bf9..82ed337 100644
> --- a/builtin/branch.c
> +++ b/builtin/branch.c
> @@ -889,6 +889,15 @@ int cmd_branch(int argc, const char **argv, const char *prefix)
>  	} else if (new_upstream) {
>  		struct branch *branch = branch_get(argv[0]);
>  
> +		if (argc > 1)
> +			die(_("too many branches to set new upstream"));
> +
> +		if (!branch) {
> +			if (!argc || !strcmp(argv[0], "HEAD"))
> +				die(_("HEAD does not point to any branch. Is it detached?"));
> +			die(_("no such branch '%s'"), argv[0]);
> +		}
> +
>  		if (!ref_exists(branch->refname))
>  			die(_("branch '%s' does not exist"), branch->name);

The latter part of the new code triggers when branch_get() returns
NULL while doing "git branch --set-upstream-to=X [Y]".  When "Y" is
string "HEAD" or missing, the first die() is triggered and says a
funny thing. If HEAD does not point to any branch, by definition it
is detached.  The user may say "Yes, I know it is detached." but the
message does not help the user to figure out what to do next.

Instead of asking "Is it detached?", perhaps we can say something
like "You told me to set the upstream of HEAD to branch X, but " in
front?  At least, that will be a better explanation for the reason
why the operation is failing.

The existing test might be wrong, by the way.  Your HEAD may point
at a branch Y but you may not have any commit on it yet, and you may
want to allow setting the upstream of that to-be-born branch to
another branch X with "branch --set-upstream-to=X [Y|HEAD]".

While I think it is insane to do anything before creating the first
commit on your current branch (or using "checkout --orphan" in
general) and it may not be worth our time to babysit users who do
so, but the following sequence may feel natural to them:

	git checkout --orphan X
        git branch --set-upstream-to=master

	... perhaps create an initial commit, perhaps not ...

	git merge @{upstream}

For that to work sanely, perhaps the pattern

	branch = branch_get();
        if (!branch)
		die due to no branch;
	if (!ref_exists(branch->refname))
		die due to typo in branch name

may need to be fixed globally, replacing ref_exists(branch->refname)
with branch_exists(branch) that returns true if branch->refname is
an existing ref, or the branch in question was obtained by checking
with current_branch (in remote.c), or something like that.