As Peff reported [1], the refactored can_all_from_reach_with_flags() method does not properly peel tags. Since the helper method can_all_from_reach() and code in t/helper/test-reach.c all peel tags before getting to this method, it is not super-simple to create a test that demonstrates this.
I modified t/helper/test-reach.c to allow calling can_all_from_reach_with_flags() directly, and added a test in t6600-test-reach.sh that demonstrates the segfault without the fix. For V2, I compared the loop that inspects the 'from' commits in commit ba3ca1edce "commit-reach: move can_all_from_reach_with_flags" to the version here and got the following diff: 3c3 < if (from_one->flags & assign_flag) --- > if (!from_one || from_one->flags & assign_flag) 5c5,7 < from_one = deref_tag(the_repository, from_one, "a from object", 0); --- > > from_one = deref_tag(the_repository, from_one, > "a from object", 0); 14a17,22 > > list[nr_commits] = (struct commit *)from_one; > if (parse_commit(list[nr_commits]) || > list[nr_commits]->generation < min_generation) > return 0; /* is this a leak? */ > nr_commits++; This diff includes the early termination we had before 'deref_tag' and the comment for why we can ignore non-commit objects. [1] https://public-inbox.org/git/0bf9103c-9377-506b-7ad7-e5273d8e9...@gmail.com/T/#u Derrick Stolee (1): commit-reach: properly peel tags and clear flags commit-reach.c | 44 +++++++++++++++++++++++++++++++++---------- t/helper/test-reach.c | 22 +++++++++++++++++----- t/t6600-test-reach.sh | 30 +++++++++++++++++++++++++++-- 3 files changed, 79 insertions(+), 17 deletions(-) base-commit: 6621c838743812aaba96e55cfec8524ea1144c2d Published-As: https://github.com/gitgitgadget/git/releases/tags/pr-39%2Fderrickstolee%2Ftag-fix-v4 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-39/derrickstolee/tag-fix-v4 Pull-Request: https://github.com/gitgitgadget/git/pull/39 Range-diff vs v3: 1: 0a1e661271 ! 1: a0a3cf0134 commit-reach: properly peel tags @@ -1,6 +1,6 @@ Author: Derrick Stolee <dsto...@microsoft.com> - commit-reach: properly peel tags + commit-reach: properly peel tags and clear flags The can_all_from_reach_with_flag() algorithm was refactored in 4fbcca4e "commit-reach: make can_all_from_reach... linear" but incorrectly @@ -14,6 +14,19 @@ Correct the issue by peeling tags when investigating the initial list of objects in the 'from' array. + The can_all_from_reach_with_flag() method uses 'assign_flag' as a + value we can use to mark objects temporarily during our commit walk. + The intent is that these flags are removed from all objects before + returning. However, this is not the case. + + The 'from' array could also contain objects that are not commits, and + we mark those objects with 'assign_flag'. Add a loop to the 'cleanup' + section that removes these markers. + + Also, we forgot to free() the memory for 'list', so add that to the + 'cleanup' section. Also, use a cleaner mechanism for clearing those + flags. + Signed-off-by: Jeff King <p...@peff.net> Signed-off-by: Derrick Stolee <dsto...@microsoft.com> @@ -74,10 +87,18 @@ cleanup: - for (i = 0; i < from->nr; i++) { -+ for (i = 0; i < nr_commits; i++) { - clear_commit_marks(list[i], RESULT); - clear_commit_marks(list[i], assign_flag); - } +- clear_commit_marks(list[i], RESULT); +- clear_commit_marks(list[i], assign_flag); +- } ++ clear_commit_marks_many(nr_commits, list, RESULT | assign_flag); ++ free(list); ++ ++ for (i = 0; i < from->nr; i++) ++ from->objects[i].item->flags &= ~assign_flag; ++ + return result; + } + diff --git a/t/helper/test-reach.c b/t/helper/test-reach.c --- a/t/helper/test-reach.c 2: b2e0ee4978 < -: ---------- commit-reach: fix memory and flag leaks -- gitgitgadget
