[PATCH] object-info: init request_info before reading arg

[PATCH] object-info: init request_info before reading arg

[Jiang Xin]

From: Jiang Xin <zhiyou.jx@alibaba-inc.com>

When retrieving object info via capability "object-info", we store the
command args into a requested_info variable, but forget to initialize
it. Initialize the variable before use to prevent unexpected output.

Signed-off-by: Jiang Xin <zhiyou.jx@alibaba-inc.com>
---
 protocol-caps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/protocol-caps.c b/protocol-caps.c
index 874bc815b4..94c51862c5 100644
--- a/protocol-caps.c
+++ b/protocol-caps.c
@@ -79,7 +79,7 @@ static void send_info(struct repository *r, struct packet_writer *writer,
 
 int cap_object_info(struct repository *r, struct packet_reader *request)
 {
-	struct requested_info info;
+	struct requested_info info = { 0 };
 	struct packet_writer writer;
 	struct string_list oid_str_list = STRING_LIST_INIT_DUP;
 
-- 
2.39.1.418.g7876265d61

Re: [PATCH] object-info: init request_info before reading arg

[Junio C Hamano]

Jiang Xin <worldhello.net@gmail.com> writes:

> From: Jiang Xin <zhiyou.jx@alibaba-inc.com>
>
> When retrieving object info via capability "object-info", we store the
> command args into a requested_info variable, but forget to initialize
> it. Initialize the variable before use to prevent unexpected output.

Good eyes.  We read the request packets to decide if we want to flip
the .size member of the structure, but the result would not make
much sense if the structure starts with a random garbage in it.

I wonder if we can tell our compilers (or runtime checker) to help
catch a mistake like this.  Did you see our sanitizers complain, or
something?

Will queue.  Thanks.

> Signed-off-by: Jiang Xin <zhiyou.jx@alibaba-inc.com>
> ---
>  protocol-caps.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/protocol-caps.c b/protocol-caps.c
> index 874bc815b4..94c51862c5 100644
> --- a/protocol-caps.c
> +++ b/protocol-caps.c
> @@ -79,7 +79,7 @@ static void send_info(struct repository *r, struct packet_writer *writer,
>  
>  int cap_object_info(struct repository *r, struct packet_reader *request)
>  {
> -	struct requested_info info;
> +	struct requested_info info = { 0 };
>  	struct packet_writer writer;
>  	struct string_list oid_str_list = STRING_LIST_INIT_DUP;

Re: [PATCH] object-info: init request_info before reading arg

[Jiang Xin]

On Tue, Apr 4, 2023 at 12:36 AM Junio C Hamano <gitster@pobox.com> wrote:
>
> Jiang Xin <worldhello.net@gmail.com> writes:
>
> > From: Jiang Xin <zhiyou.jx@alibaba-inc.com>
> >
> > When retrieving object info via capability "object-info", we store the
> > command args into a requested_info variable, but forget to initialize
> > it. Initialize the variable before use to prevent unexpected output.
>
> Good eyes.  We read the request packets to decide if we want to flip
> the .size member of the structure, but the result would not make
> much sense if the structure starts with a random garbage in it.
>
> I wonder if we can tell our compilers (or runtime checker) to help
> catch a mistake like this.  Did you see our sanitizers complain, or
> something?

I accidentally came across this issue when I wanted to implement a new
similar capability. I'm curious why adding "-Wuninitialized" or
"-Wmaybe-uninitialized" to gcc fails to spot this case.