Re: [PATCH v2] commit: check result of resolve_ref_unsafe
19.10.2017 20:44, Jeff King wrote: On Thu, Oct 19, 2017 at 12:36:50PM +0300, Andrey Okoshkin wrote: Thanks, this looks good to me. One other possible minor improvement: head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL); + if (!head) + die(_("unable to resolve HEAD after creating commit")); Should we use die_errno() here to report the value of errno? I think resolve_ref_unsafe() should set it consistently (even an internal problem, like an illegally-formatted refname, yields EINVAL). Thanks, sounds relevant. Also as an alternative solution it's possible to use warning_errno (instead of die_errno) and continue with 'head' set to something like 'unreadable|bad HEAD'. I grepped the code base looking for other instances of the same problem, and found four of them. Patches to follow. Unlike this one, I ended up quietly returning an error in most cases. The individual commit messages discuss the reasoning for each case, but I do wonder if we ought to simply die() in each case out of an abundance of caution (either the repo has a broken symref, or some weird filesystem error occurred, but either way it may be best not to continue). I dunno. These are all independent, so can be applied in any order or combination with respect to each other and to your patch. [1/4]: test-ref-store: avoid passing NULL to printf [2/4]: remote: handle broken symrefs [3/4]: log: handle broken HEAD in decoration check [4/4]: worktree: handle broken symrefs in find_shared_symref() Good changes, it's better to apply. -- Best regards, Andrey
Re: [PATCH v2] commit: check result of resolve_ref_unsafe
On Thu, Oct 19, 2017 at 12:36:50PM +0300, Andrey Okoshkin wrote: > Add check of the resolved HEAD reference while printing of a commit summary. > resolve_ref_unsafe() may return NULL pointer if underlying calls of lstat() > or > open() fail in files_read_raw_ref(). > Such situation can be caused by race: file becomes inaccessible to this > moment. > > Signed-off-by: Andrey Okoshkin > --- > Thank you for your review. > > Changes since the previous patch: > * BUG is replaced with die, message; > * Message is changed. Thanks, this looks good to me. One other possible minor improvement: > head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL); > + if (!head) > + die(_("unable to resolve HEAD after creating commit")); Should we use die_errno() here to report the value of errno? I think resolve_ref_unsafe() should set it consistently (even an internal problem, like an illegally-formatted refname, yields EINVAL). I grepped the code base looking for other instances of the same problem, and found four of them. Patches to follow. Unlike this one, I ended up quietly returning an error in most cases. The individual commit messages discuss the reasoning for each case, but I do wonder if we ought to simply die() in each case out of an abundance of caution (either the repo has a broken symref, or some weird filesystem error occurred, but either way it may be best not to continue). I dunno. These are all independent, so can be applied in any order or combination with respect to each other and to your patch. [1/4]: test-ref-store: avoid passing NULL to printf [2/4]: remote: handle broken symrefs [3/4]: log: handle broken HEAD in decoration check [4/4]: worktree: handle broken symrefs in find_shared_symref() builtin/remote.c | 2 +- log-tree.c| 2 +- t/helper/test-ref-store.c | 2 +- worktree.c| 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) -Peff
[PATCH v2] commit: check result of resolve_ref_unsafe
Add check of the resolved HEAD reference while printing of a commit summary. resolve_ref_unsafe() may return NULL pointer if underlying calls of lstat() or open() fail in files_read_raw_ref(). Such situation can be caused by race: file becomes inaccessible to this moment. Signed-off-by: Andrey Okoshkin --- Thank you for your review. Changes since the previous patch: * BUG is replaced with die, message; * Message is changed. builtin/commit.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/builtin/commit.c b/builtin/commit.c index 1a0da71a4..cc27c9af7 100644 --- a/builtin/commit.c +++ b/builtin/commit.c @@ -1483,6 +1483,8 @@ static void print_summary(const char *prefix, const struct object_id *oid, diff_setup_done(&rev.diffopt); head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL); + if (!head) + die(_("unable to resolve HEAD after creating commit")); if (!strcmp(head, "HEAD")) head = _("detached HEAD"); else -- 2.14.2