Re: [PATCH v2] commit: check result of resolve_ref_unsafe

2017-10-20 Thread Andrey Okoshkin 


19.10.2017 20:44, Jeff King wrote:

On Thu, Oct 19, 2017 at 12:36:50PM +0300, Andrey Okoshkin wrote:

Thanks, this looks good to me. One other possible minor improvement:


head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL);
+   if (!head)
+   die(_("unable to resolve HEAD after creating commit"));


Should we use die_errno() here to report the value of errno? I think
resolve_ref_unsafe() should set it consistently (even an internal
problem, like an illegally-formatted refname, yields EINVAL).

Thanks, sounds relevant.
Also as an alternative solution it's possible to use warning_errno 
(instead of die_errno) and continue with 'head' set to something like

'unreadable|bad HEAD'.


I grepped the code base looking for other instances of the same problem,
and found four of them. Patches to follow.

Unlike this one, I ended up quietly returning an error in most cases.
The individual commit messages discuss the reasoning for each case, but
I do wonder if we ought to simply die() in each case out of an abundance
of caution (either the repo has a broken symref, or some weird
filesystem error occurred, but either way it may be best not to
continue). I dunno.

These are all independent, so can be applied in any order or combination
with respect to each other and to your patch.

   [1/4]: test-ref-store: avoid passing NULL to printf
   [2/4]: remote: handle broken symrefs
   [3/4]: log: handle broken HEAD in decoration check
   [4/4]: worktree: handle broken symrefs in find_shared_symref()

Good changes, it's better to apply.

--
Best regards,
Andrey

Re: [PATCH v2] commit: check result of resolve_ref_unsafe

2017-10-19 Thread Jeff King 
On Thu, Oct 19, 2017 at 12:36:50PM +0300, Andrey Okoshkin wrote:

> Add check of the resolved HEAD reference while printing of a commit summary.
> resolve_ref_unsafe() may return NULL pointer if underlying calls of lstat()
> or
> open() fail in files_read_raw_ref().
> Such situation can be caused by race: file becomes inaccessible to this
> moment.
> 
> Signed-off-by: Andrey Okoshkin 
> ---
> Thank you for your review.
> 
> Changes since the previous patch:
> * BUG is replaced with die, message;
> * Message is changed.

Thanks, this looks good to me. One other possible minor improvement:

>   head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL);
> + if (!head)
> + die(_("unable to resolve HEAD after creating commit"));

Should we use die_errno() here to report the value of errno? I think
resolve_ref_unsafe() should set it consistently (even an internal
problem, like an illegally-formatted refname, yields EINVAL).

I grepped the code base looking for other instances of the same problem,
and found four of them. Patches to follow.

Unlike this one, I ended up quietly returning an error in most cases.
The individual commit messages discuss the reasoning for each case, but
I do wonder if we ought to simply die() in each case out of an abundance
of caution (either the repo has a broken symref, or some weird
filesystem error occurred, but either way it may be best not to
continue). I dunno.

These are all independent, so can be applied in any order or combination
with respect to each other and to your patch.

  [1/4]: test-ref-store: avoid passing NULL to printf
  [2/4]: remote: handle broken symrefs
  [3/4]: log: handle broken HEAD in decoration check
  [4/4]: worktree: handle broken symrefs in find_shared_symref()

 builtin/remote.c  | 2 +-
 log-tree.c| 2 +-
 t/helper/test-ref-store.c | 2 +-
 worktree.c| 3 ++-
 4 files changed, 5 insertions(+), 4 deletions(-)

-Peff

[PATCH v2] commit: check result of resolve_ref_unsafe

2017-10-19 Thread Andrey Okoshkin 

Add check of the resolved HEAD reference while printing of a commit summary.
resolve_ref_unsafe() may return NULL pointer if underlying calls of 
lstat() or

open() fail in files_read_raw_ref().
Such situation can be caused by race: file becomes inaccessible to this 
moment.


Signed-off-by: Andrey Okoshkin 
---
Thank you for your review.

Changes since the previous patch:
* BUG is replaced with die, message;
* Message is changed.

 builtin/commit.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/builtin/commit.c b/builtin/commit.c
index 1a0da71a4..cc27c9af7 100644
--- a/builtin/commit.c
+++ b/builtin/commit.c
@@ -1483,6 +1483,8 @@ static void print_summary(const char *prefix, 
const struct object_id *oid,

diff_setup_done(&rev.diffopt);

head = resolve_ref_unsafe("HEAD", 0, junk_oid.hash, NULL);
+   if (!head)
+   die(_("unable to resolve HEAD after creating commit"));
if (!strcmp(head, "HEAD"))
head = _("detached HEAD");
else
--
2.14.2