Skip to content

Some defensive programming #1890

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 14 commits into
base: master
Choose a base branch
from
Open

Some defensive programming #1890

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
604e67e
revision: defensive programming
dscho Dec 16, 2022
35c4870
get_parent(): defensive programming
dscho Dec 16, 2022
9cafbd3
fetch-pack: defensive programming
dscho Dec 16, 2022
dcc04af
unparse_commit(): defensive programming
dscho Dec 16, 2022
721402d
verify_commit_graph(): defensive programming
dscho Dec 16, 2022
130251b
stash: defensive programming
dscho Dec 16, 2022
81e873e
stash: defensive programming
dscho Dec 16, 2022
8d1efe0
push: defensive programming
dscho Dec 16, 2022
d839766
fetch: defensive programming
dscho Dec 16, 2022
10393c2
describe: defensive programming
dscho Dec 16, 2022
dec21f8
inherit_tracking(): defensive programming
dscho Dec 16, 2022
223a005
submodule: check return value of `submodule_from_path()`
dscho Dec 16, 2022
137f6c4
test-tool repository: check return value of `lookup_commit()`
dscho Dec 16, 2022
17e9e9a
shallow: handle missing shallow commits gracefully
dscho Dec 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion object-name.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1106,7 +1106,7 @@ static enum get_oid_result get_parent(struct repository *r,
if (ret)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Junio C Hamano wrote (reply to this):

"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:

> From: Johannes Schindelin <[email protected]>
>
> CodeQL points out that `lookup_commit_reference()` can return NULL
> values.
>
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
>  object-name.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/object-name.c b/object-name.c
> index 76749fbfe652..ca54dad2f4c8 100644
> --- a/object-name.c
> +++ b/object-name.c
> @@ -1106,7 +1106,7 @@ static enum get_oid_result get_parent(struct repository *r,
>  	if (ret)
>  		return ret;
>  	commit = lookup_commit_reference(r, &oid);
> -	if (repo_parse_commit(r, commit))
> +	if (!commit || repo_parse_commit(r, commit))
>  		return MISSING_OBJECT;

Most of the time, the check for "ret" we see in the pre-context,
which is a result of get_oid_1(), would prevent an oid that is not a
valid name for a committish to even reach this code, I would think,
but with possible repository corruption, we may fail to "lookup" the
commit, so this is a good correction, I would think.

Thanks.


>  	if (!idx) {
>  		oidcpy(result, &commit->object.oid);

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Jeff King wrote (reply to this):

On Thu, May 15, 2025 at 12:45:27PM +0000, Johannes Schindelin via GitGitGadget wrote:

> CodeQL points out that `lookup_commit_reference()` can return NULL
> values.
> [...]
>  	commit = lookup_commit_reference(r, &oid);
> -	if (repo_parse_commit(r, commit))
> +	if (!commit || repo_parse_commit(r, commit))
>  		return MISSING_OBJECT;

Sure, but repo_parse_commit() can also handle NULL values. It returns
"-1" in that case. I think CodeQL is not smart enough to know that.

-Peff

return ret;
commit = lookup_commit_reference(r, &oid);
if (repo_parse_commit(r, commit))
if (!commit || repo_parse_commit(r, commit))
return MISSING_OBJECT;
if (!idx) {
oidcpy(result, &commit->object.oid);
Expand Down
3 changes: 3 additions & 0 deletions revision.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3359,6 +3359,9 @@ static int leave_one_treesame_to_parent(struct rev_info *revs, struct commit *co
struct commit_list *p;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Junio C Hamano wrote (reply to this):

"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:

> From: Johannes Schindelin <[email protected]>
>
> On the off chance that `lookup_decoration()` cannot find anything, let
> `leave_one_treesame_to_parent()` return gracefully instead of crashing.

But wouldn't it be a BUG("") worthy event for the treesame
decoration not to exist for the commit object in question at this
point of the code?  Is it really defensive to silently pretend that
nothing bad happened and to move forward?

> Pointed out by CodeQL.
>
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
>  revision.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/revision.c b/revision.c
> index c4390f0938cb..59eae4eb8ba8 100644
> --- a/revision.c
> +++ b/revision.c
> @@ -3359,6 +3359,9 @@ static int leave_one_treesame_to_parent(struct rev_info *revs, struct commit *co
>  	struct commit_list *p;
>  	unsigned n;
>  
> +	if (!ts)
> +		return 0;
> +
>  	for (p = commit->parents, n = 0; p; p = p->next, n++) {
>  		if (ts->treesame[n]) {
>  			if (p->item->object.flags & TMP_MARK) {

unsigned n;

if (!ts)
return 0;

for (p = commit->parents, n = 0; p; p = p->next, n++) {
if (ts->treesame[n]) {
if (p->item->object.flags & TMP_MARK) {
Expand Down