From: Junio C Hamano <gitster@pobox•com>
To: Jeff King <peff@peff•net>
Cc: git@vger•kernel.org
Subject: Re: [PATCH 2/2] fsck: detect and warn a commit with embedded NUL
Date: Thu, 14 Apr 2016 11:25:29 -0700 [thread overview]
Message-ID: <xmqq1t68gi92.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <20160414182102.GB22068@sigill.intra.peff.net> (Jeff King's message of "Thu, 14 Apr 2016 14:21:03 -0400")
Jeff King <peff@peff•net> writes:
>> + const char *buffer_begin = buffer;
>>
>> if (verify_headers(buffer, size, &commit->object, options))
>> return -1;
>
> You need this "buffer_begin" because we move the "buffer" pointer
> forward as we parse. But perhaps whole-buffer checks should simply go at
> the top (next to verify_headers) before we start advancing the pointer.
> To me, that makes the function's flow more natural.
That was my second iteration. I didn't want the function return
with warning without checking more serious errors that may be in the
object.
> But alternatively...
>
>> @@ -671,6 +673,12 @@ static int fsck_commit_buffer(struct commit *commit, const char *buffer,
>> if (err)
>> return err;
>> }
>> + if (memchr(buffer_begin, '\0', size)) {
>> + err = report(options, &commit->object, FSCK_MSG_NUL_IN_COMMIT,
>> + "NUL byte in the commit object body");
>> + if (err)
>> + return err;
>> + }
>
> Here we've parsed to the end of the headers we know about. We know
> there's no NUL there, because verify_headers() would have complained.
> And because the individual header parsers would have complained. So I
> actually think we could check from "buffer" (of course we do still need
> to record the beginning of the buffer to adjust "size" appropriately).
Yes, keeping the "begin" pointer is a cheap way to do an equivalent
of "adjusting size".
> It's a little more efficient (we don't have to memchr over the same
> bytes again). But I'd worry a little that doing it that way would
> introduce coupling between this check and verify_headers(), though (so
> that if the latter ever changes, our check may start missing cases).
>
> So yet another alternative would be to include this check in
> verify_headers(). It would parse to the end of the headers as now, and
> then from there additionally look for a NUL in the body.
>
> Of the three approaches, I think I like that third one. It's the most
> efficient, and I think the flow is pretty clear. We'd probably want to
> rename verify_headers(), though. :)
Sounds sensible, except the "should a mere warning hide potentially
more serious errors?" question remains.
next prev parent reply other threads:[~2016-04-14 18:25 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-14 18:07 [PATCH 1/2] fsck_commit_buffer(): do not special case the last validation Junio C Hamano
2016-04-14 18:07 ` [PATCH 2/2] fsck: detect and warn a commit with embedded NUL Junio C Hamano
2016-04-14 18:21 ` Jeff King
2016-04-14 18:25 ` Junio C Hamano [this message]
2016-04-14 18:29 ` Jeff King
2016-04-14 19:04 ` Junio C Hamano
2016-04-14 18:25 ` Jeff King
2016-04-14 18:37 ` Junio C Hamano
2016-04-15 13:43 ` Johannes Schindelin
2016-04-14 18:10 ` [PATCH 1/2] fsck_commit_buffer(): do not special case the last validation Jeff King
2016-04-14 18:15 ` Junio C Hamano
2016-04-15 13:41 ` Johannes Schindelin
2016-04-15 15:06 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq1t68gi92.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=peff@peff$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox