From: Jeff King <peff@peff•net>
To: Karthik Nayak <karthik.188@gmail•com>
Cc: git@vger•kernel.org, gitster@pobox•com, ps@pks•im,
schwab@linux-m68k•org, phillip.wood123@gmail•com,
Christian Couder <chriscool@tuxfamily•org>
Subject: Re: [PATCH v5 3/5] refs: selectively set prefix in the seek functions
Date: Wed, 16 Jul 2025 22:09:05 -0400
Message-ID: <20250717020905.GA2193264@coredump.intra.peff.net>
In-Reply-To: <20250715-306-git-for-each-ref-pagination-v5-3-852d5a2f56e1@gmail.com>
On Tue, Jul 15, 2025 at 01:28:28PM +0200, Karthik Nayak wrote:
> +static int cache_ref_iterator_seek(struct ref_iterator *ref_iterator,
> + const char *refname, unsigned int flags)
> [...]
> + do {
> + int len, idx;
> + int cmp = 0;
> +
> + sort_ref_dir(dir);
> +
> + slash = strchr(slash, '/');
> + len = slash ? slash - refname : (int)strlen(refname);
I was looking at this code due to a nearby thread and noticed this funny
cast to int. I guess you added it to silence -Wsign-compare, but why are
we not using a size_t in the first place?
This kind of conversion can sometimes have security implications because
a very large "refname" would cause "len" to become negative (i.e., if
it's between 2GB and 4GB).
In this particular case it ends up cast back to a size_t via strncmp:
> + for (idx = 0; idx < dir->nr; idx++) {
> + cmp = strncmp(refname, dir->entries[idx]->name, len);
> + if (cmp <= 0)
> + break;
> + }
so we get the original value back. We'd still get truncation for a
refname value over 4GB, which would presumably give us a slightly wrong
answer. But I don't think we'd ever look outside the array.
Such sizes are probably unlikely if we are feeding filesystem paths. But
we probably should not set a bad example, and just do:
diff --git a/refs/ref-cache.c b/refs/ref-cache.c
index 1d95b56d40..3949d145e8 100644
--- a/refs/ref-cache.c
+++ b/refs/ref-cache.c
@@ -498,13 +498,14 @@ static int cache_ref_iterator_seek(struct ref_iterator *ref_iterator,
* indexing to each level as needed.
*/
do {
- int len, idx;
+ size_t len;
+ int idx;
int cmp = 0;
sort_ref_dir(dir);
slash = strchr(slash, '/');
- len = slash ? slash - refname : (int)strlen(refname);
+ len = slash ? slash - refname : strlen(refname);
for (idx = 0; idx < dir->nr; idx++) {
cmp = strncmp(refname, dir->entries[idx]->name, len);
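Review bot: In the new `len = slash ? slash - refname : strlen(refname);` line the two arms of the conditional differ in signedness: `slash - refname` is a signed pointer difference, `strlen(refname)` is a size_t, and the signed arm is converted implicitly. That is the kind of mix -Wsign-compare reports, so the warning the original cast was silencing may come back in another form. Writing the first arm as `(size_t)(slash - refname)` makes the conversion explicit; it is value-preserving as long as `slash` points at or after the start of `refname`. Separately, `idx` stays `int` and is still compared with `dir->nr` in the loop below; the type of `nr` is not visible in this hunk, so it is worth checking that the comparison is same-signed too.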
-Peff
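The narrowing discussed in this message, modelled with fixed-width integers so it runs without allocating multi-gigabyte strings. This is an added example, not code from the thread or from Git; the helper names (`as_int32`, `back_to_size`, `classify`) are hypothetical, and it assumes the two's-complement wrap that GCC and Clang apply to an out-of-range conversion to `int`. It goes slightly beyond the message by showing the value handed back to `strncmp()` for both a 32-bit and a 64-bit `size_t`.

```c
#include <stdint.h>
#include <stdio.h>

/* What happens to a length once it has been stored in a 32-bit int. */
enum narrow_result { LEN_EXACT, LEN_NEGATIVE, LEN_TRUNCATED };

/* Model `(int)strlen(s)`: keep the low 32 bits, reinterpret as signed. */
static int64_t as_int32(uint64_t n)
{
	uint32_t low = (uint32_t)n; /* well-defined: n mod 2^32 */
	if (low > (uint32_t)INT32_MAX)
		return (int64_t)low - ((int64_t)1 << 32);
	return (int64_t)low;
}

/* Model passing that int as strncmp()'s size_t argument (32 or 64 bits). */
static uint64_t back_to_size(int64_t len, int size_bits)
{
	uint64_t v = (uint64_t)len; /* well-defined: len mod 2^64 */
	return size_bits == 32 ? (v & 0xffffffffu) : v;
}

static enum narrow_result classify(uint64_t n)
{
	int64_t len = as_int32(n);
	if (len < 0)
		return LEN_NEGATIVE;
	return (uint64_t)len == n ? LEN_EXACT : LEN_TRUNCATED;
}

int main(void)
{
	/* Constructed boundary lengths; lengths >= 2^32 need a 64-bit size_t. */
	const uint64_t samples[] = {
		INT32_MAX, (uint64_t)INT32_MAX + 1, 3ull << 30,
		(1ull << 32) - 1, (1ull << 32) + 5,
	};
	static const char *const names[] = { "exact", "negative", "truncated" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint64_t n = samples[i];
		int64_t len = as_int32(n);
		printf("%11llu -> int %11lld [%s]; as size_t: 32-bit %llu, 64-bit %llu\n",
		       (unsigned long long)n, (long long)len, names[classify(n)],
		       (unsigned long long)back_to_size(len, 32),
		       (unsigned long long)back_to_size(len, 64));
	}
	return 0;
}
```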