mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

parse_commit_buffer(): treat lookup_tree() failure as parse error

Browse Source 
If parsing a commit yields a valid tree oid, but we've seen that same
oid as a non-tree in the same process, the resulting commit struct will
end up with a NULL tree pointer, but not otherwise report a parsing
failure.

That's perhaps convenient for callers which want to operate on even
partially corrupt commits (e.g., by still looking at the parents). But
it leaves a potential trap for most callers, who now have to manually
check for a NULL tree. Most do not, and it's likely that there are
possible segfaults lurking. I say "possible" because there are many
candidates, and I don't think it's worth following through on
reproducing them when we can just fix them all in one spot. And
certainly we _have_ seen real-world cases, such as the one fixed by
806278dead (commit-graph.c: handle corrupt/missing trees, 2019-09-05).

Note that we can't quite drop the check in the caller added by that
commit yet, as there's some subtlety with repeated parsings (which will
be addressed in a future commit).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King
2019-10-18 00:43:29 -04:00
committed by Junio C Hamano
parent c78fe00459
commit 12736d2f02
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
commit.c
View File

@ -401,6 +401,7 @@ int parse_commit_buffer(struct repository *r, struct commit *item, const void *b
struct commit_graft *graft; struct commit_graft *graft;
const int tree_entry_len = the_hash_algo->hexsz + 5; const int tree_entry_len = the_hash_algo->hexsz + 5;
const int parent_entry_len = the_hash_algo->hexsz + 7; const int parent_entry_len = the_hash_algo->hexsz + 7;
struct tree *tree;
if (item->object.parsed) if (item->object.parsed)
return 0; return 0;
@ -412,7 +413,12 @@ int parse_commit_buffer(struct repository *r, struct commit *item, const void *b
if (get_oid_hex(bufptr + 5, &parent) < 0) if (get_oid_hex(bufptr + 5, &parent) < 0)
return error("bad tree pointer in commit %s", return error("bad tree pointer in commit %s",
oid_to_hex(&item->object.oid)); oid_to_hex(&item->object.oid));
set_commit_tree(item, lookup_tree(r, &parent)); tree = lookup_tree(r, &parent);
if (!tree)
return error("bad tree pointer %s in commit %s",
oid_to_hex(&parent),
oid_to_hex(&item->object.oid));
set_commit_tree(item, tree);
bufptr += tree_entry_len + 1; /* "tree " + "hex sha1" + "\n" */ bufptr += tree_entry_len + 1; /* "tree " + "hex sha1" + "\n" */
pptr = &item->parents; pptr = &item->parents;