summaryrefslogtreecommitdiff
path: root/commit.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2019-10-18 04:43:29 (GMT)
committerJunio C Hamano <gitster@pobox.com>2019-10-21 02:15:23 (GMT)
commit12736d2f027c72d4c900f10ae064d2a673344c9e (patch)
tree970ede9e341055be5d8cf7e6623c9d3146152668 /commit.c
parentc78fe00459d49cd57cbfabc5c564af0cb9a934f1 (diff)
downloadgit-12736d2f027c72d4c900f10ae064d2a673344c9e.zip
git-12736d2f027c72d4c900f10ae064d2a673344c9e.tar.gz
git-12736d2f027c72d4c900f10ae064d2a673344c9e.tar.bz2
parse_commit_buffer(): treat lookup_tree() failure as parse error
If parsing a commit yields a valid tree oid, but we've seen that same oid as a non-tree in the same process, the resulting commit struct will end up with a NULL tree pointer, but not otherwise report a parsing failure. That's perhaps convenient for callers which want to operate on even partially corrupt commits (e.g., by still looking at the parents). But it leaves a potential trap for most callers, who now have to manually check for a NULL tree. Most do not, and it's likely that there are possible segfaults lurking. I say "possible" because there are many candidates, and I don't think it's worth following through on reproducing them when we can just fix them all in one spot. And certainly we _have_ seen real-world cases, such as the one fixed by 806278dead (commit-graph.c: handle corrupt/missing trees, 2019-09-05). Note that we can't quite drop the check in the caller added by that commit yet, as there's some subtlety with repeated parsings (which will be addressed in a future commit). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.c')
-rw-r--r--commit.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/commit.c b/commit.c
index 6467c9e..810419a 100644
--- a/commit.c
+++ b/commit.c
@@ -401,6 +401,7 @@ int parse_commit_buffer(struct repository *r, struct commit *item, const void *b
struct commit_graft *graft;
const int tree_entry_len = the_hash_algo->hexsz + 5;
const int parent_entry_len = the_hash_algo->hexsz + 7;
+ struct tree *tree;
if (item->object.parsed)
return 0;
@@ -412,7 +413,12 @@ int parse_commit_buffer(struct repository *r, struct commit *item, const void *b
if (get_oid_hex(bufptr + 5, &parent) < 0)
return error("bad tree pointer in commit %s",
oid_to_hex(&item->object.oid));
- set_commit_tree(item, lookup_tree(r, &parent));
+ tree = lookup_tree(r, &parent);
+ if (!tree)
+ return error("bad tree pointer %s in commit %s",
+ oid_to_hex(&parent),
+ oid_to_hex(&item->object.oid));
+ set_commit_tree(item, tree);
bufptr += tree_entry_len + 1; /* "tree " + "hex sha1" + "\n" */
pptr = &item->parents;