diff options
| author | Jeff King <peff@peff.net> | 2020-01-29 05:46:47 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-01-29 07:12:48 (GMT) |
| commit | d20bc01a51f7899deb7a04bdd7c2495789185297 (patch) | |
| tree | 6d955d79dba41b1cdd3c4326509d614b67ca507a /xdiff-interface.c | |
| parent | 4c616c2ba1c176573bd1ae7c4ec3271d1f175448 (diff) | |
| download | git-d20bc01a51f7899deb7a04bdd7c2495789185297.zip git-d20bc01a51f7899deb7a04bdd7c2495789185297.tar.gz git-d20bc01a51f7899deb7a04bdd7c2495789185297.tar.bz2 | |
avoid computing zero offsets from NULL pointer
The Undefined Behavior Sanitizer in clang-11 seems to have learned a new
trick: it complains about computing offsets from a NULL pointer, even if
that offset is 0. This causes numerous test failures. For example, from
t1090:
unpack-trees.c:1355:41: runtime error: applying zero offset to null pointer
...
not ok 6 - in partial clone, sparse checkout only fetches needed blobs
The code in question looks like this:
struct cache_entry **cache_end = cache + nr;
...
while (cache != cache_end)
and we sometimes pass in a NULL and 0 for "cache" and "nr". This is
conceptually fine, as "cache_end" would be equal to "cache" in this
case, and we wouldn't enter the loop at all. But computing even a zero
offset violates the C standard. And given the fact that UBSan is
noticing this behavior, this might be a potential problem spot if the
compiler starts making unexpected assumptions based on undefined
behavior.
So let's just avoid it, which is pretty easy. In some cases we can just
switch to iterating with a numeric index (as we do in sequencer.c here).
In other cases (like the cache_end one) the use of an end pointer is
more natural; we can keep that by just explicitly checking for the
NULL/0 case when assigning the end pointer.
Note that there are two ways you can write this latter case, checking
for the pointer:
cache_end = cache ? cache + nr : cache;
or the size:
cache_end = nr ? cache + nr : cache;
For the case of a NULL/0 ptr/len combo, they are equivalent. But writing
it the second way (as this patch does) has the property that if somebody
were to incorrectly pass a NULL pointer with a non-zero length, we'd
continue to notice and segfault, rather than silently pretending the
length was zero.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'xdiff-interface.c')
| -rw-r--r-- | xdiff-interface.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/xdiff-interface.c b/xdiff-interface.c index 8509f9e..99661d4 100644 --- a/xdiff-interface.c +++ b/xdiff-interface.c @@ -84,8 +84,8 @@ static void trim_common_tail(mmfile_t *a, mmfile_t *b) { const int blk = 1024; long trimmed = 0, recovered = 0; - char *ap = a->ptr + a->size; - char *bp = b->ptr + b->size; + char *ap = a->size ? a->ptr + a->size : a->ptr; + char *bp = b->size ? b->ptr + b->size : b->ptr; long smaller = (a->size < b->size) ? a->size : b->size; while (blk + trimmed <= smaller && !memcmp(ap - blk, bp - blk, blk)) { |