From: Taylor Blau <me@ttaylorr.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, Jeff King <peff@peff.net>,
Elijah Newren <newren@gmail.com>
Subject: Re: [PATCH 1/8] t/helper: add 'test-tool bitmap write' subcommand
Date: Tue, 14 Apr 2026 17:40:12 -0400 [thread overview]
Message-ID: <ad60PJ/pM/wG3krQ@nand.local> (raw)
In-Reply-To: <xmqqeckh9uew.fsf@gitster.g>
On Tue, Apr 14, 2026 at 01:08:39PM -0700, Junio C Hamano wrote:
> What happens when a repeated call to this function to add many
> objects (those contained within the pack we are iterating over)
> caused the packlist_alloc() to realloc data->packed->objects[] array
> eventually? Wouldn't it invalidate the address of &entry->idx we
> are taking from before the realloc() happens?
>
> I must be missing something?
Good catch, I'm the one that is missing something here, not you. This is
definitely a use-after-realloc(), though in practice it won't bite us
because we are likely extending into an over-sized heap allocation
without actually moving the data.
I don't know why I thought we allocated the packlist with a fixed size
equal to p->num_objects ahead of time, but we don't, and this is clearly
a bug.
Will fix, and thanks again for spotting.
Thanks,
Taylor
next prev parent reply other threads:[~2026-04-14 21:40 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-13 23:56 [PATCH 0/8] pack-bitmap: fix various pseudo-merge bugs Taylor Blau
2026-04-13 23:56 ` [PATCH 1/8] t/helper: add 'test-tool bitmap write' subcommand Taylor Blau
2026-04-14 19:48 ` Junio C Hamano
2026-04-14 21:29 ` Taylor Blau
2026-04-14 21:34 ` Junio C Hamano
2026-04-14 21:40 ` Taylor Blau
2026-04-14 20:08 ` Junio C Hamano
2026-04-14 21:40 ` Taylor Blau [this message]
2026-04-19 0:24 ` Elijah Newren
2026-04-21 18:51 ` Taylor Blau
2026-04-13 23:56 ` [PATCH 2/8] t5333: demonstrate various pseudo-merge bugs Taylor Blau
2026-04-19 0:25 ` Elijah Newren
2026-04-13 23:56 ` [PATCH 3/8] pack-bitmap-write: sort pseudo-merge commit lookup table in pack order Taylor Blau
2026-04-13 23:56 ` [PATCH 4/8] pack-bitmap: fix inverted binary search in `pseudo_merge_at()` Taylor Blau
2026-04-13 23:56 ` [PATCH 5/8] pack-bitmap: fix pseudo-merge lookup for shared commits Taylor Blau
2026-04-13 23:56 ` [PATCH 6/8] pack-bitmap: parse commits in `find_pseudo_merge_group_for_ref()` Taylor Blau
2026-04-13 23:56 ` [PATCH 7/8] pack-bitmap: reject pseudo-merge "sampleRate" of 0 Taylor Blau
2026-04-19 0:26 ` Elijah Newren
2026-04-13 23:57 ` [PATCH 8/8] pack-bitmap: prevent pattern leak on pseudo-merge re-assignment Taylor Blau
2026-04-21 20:01 ` [PATCH v2 0/9] pack-bitmap: fix various pseudo-merge bugs Taylor Blau
2026-04-21 20:01 ` [PATCH v2 1/9] t/helper: add 'test-tool bitmap write' subcommand Taylor Blau
2026-04-21 20:01 ` [PATCH v2 2/9] t5333: demonstrate various pseudo-merge bugs Taylor Blau
2026-04-21 20:02 ` [PATCH v2 3/9] pack-bitmap-write: sort pseudo-merge commit lookup table in pack order Taylor Blau
2026-04-21 20:02 ` [PATCH v2 4/9] pack-bitmap: fix inverted binary search in `pseudo_merge_at()` Taylor Blau
2026-04-21 20:02 ` [PATCH v2 5/9] pack-bitmap: fix pseudo-merge lookup for shared commits Taylor Blau
2026-04-21 20:02 ` [PATCH v2 6/9] pack-bitmap: parse commits in `find_pseudo_merge_group_for_ref()` Taylor Blau
2026-04-21 20:02 ` [PATCH v2 7/9] pack-bitmap: reject pseudo-merge "sampleRate" of 0 Taylor Blau
2026-04-21 20:02 ` [PATCH v2 8/9] Documentation: fix broken `sampleRate` in gitpacking(7) Taylor Blau
2026-04-21 20:02 ` [PATCH v2 9/9] pack-bitmap: prevent pattern leak on pseudo-merge re-assignment Taylor Blau
2026-04-22 1:37 ` [PATCH v2 0/9] pack-bitmap: fix various pseudo-merge bugs Elijah Newren
2026-05-11 2:53 ` Junio C Hamano
2026-05-12 0:48 ` Taylor Blau
2026-05-12 0:10 ` Taylor Blau
2026-05-12 0:46 ` [PATCH v3 " Taylor Blau
2026-05-12 0:46 ` [PATCH v3 1/9] t/helper: add 'test-tool bitmap write' subcommand Taylor Blau
2026-05-12 0:46 ` [PATCH v3 2/9] t5333: demonstrate various pseudo-merge bugs Taylor Blau
2026-05-12 0:46 ` [PATCH v3 3/9] pack-bitmap-write: sort pseudo-merge commit lookup table in pack order Taylor Blau
2026-05-12 0:46 ` [PATCH v3 4/9] pack-bitmap: fix inverted binary search in `pseudo_merge_at()` Taylor Blau
2026-05-12 0:47 ` [PATCH v3 5/9] pack-bitmap: fix pseudo-merge lookup for shared commits Taylor Blau
2026-05-12 0:47 ` [PATCH v3 6/9] pack-bitmap: parse commits in `find_pseudo_merge_group_for_ref()` Taylor Blau
2026-05-12 0:47 ` [PATCH v3 7/9] pack-bitmap: reject pseudo-merge "sampleRate" of 0 Taylor Blau
2026-05-12 0:47 ` [PATCH v3 8/9] Documentation: fix broken `sampleRate` in gitpacking(7) Taylor Blau
2026-05-12 0:47 ` [PATCH v3 9/9] pack-bitmap: prevent pattern leak on pseudo-merge re-assignment Taylor Blau
2026-05-12 1:38 ` [PATCH v3 0/9] pack-bitmap: fix various pseudo-merge bugs Junio C Hamano
2026-05-12 1:46 ` Taylor Blau
2026-05-12 1:49 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad60PJ/pM/wG3krQ@nand.local \
--to=me@ttaylorr.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=newren@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox