From: "SZEDER Gábor" <szeder.dev@gmail.com>
To: Elijah Newren <newren@gmail.com>
Cc: git@vger.kernel.org, "Jeff King" <peff@peff.net>,
"Rafael Ascensão" <rafa.almas@gmail.com>,
"Samuel Lijin" <sxlijin@gmail.com>
Subject: Re: [RFC PATCH v2 12/12] clean: fix theoretical path corruption
Date: Thu, 5 Sep 2019 21:27:44 +0200 [thread overview]
Message-ID: <20190905192744.GB32087@szeder.dev> (raw)
In-Reply-To: <20190905154735.29784-13-newren@gmail.com>
On Thu, Sep 05, 2019 at 08:47:35AM -0700, Elijah Newren wrote:
> cmd_clean() had the following code structure:
>
> struct strbuf abs_path = STRBUF_INIT;
> for_each_string_list_item(item, &del_list) {
> strbuf_addstr(&abs_path, prefix);
> strbuf_addstr(&abs_path, item->string);
> PROCESS(&abs_path);
> strbuf_reset(&abs_path);
> }
>
> where I've elided a bunch of unnecessary details and PROCESS(&abs_path)
> represents a big chunk of code rather than an actual function call. One
> piece of PROCESS was:
>
> if (lstat(abs_path.buf, &st))
> continue;
>
> which would cause the strbuf_reset() to be missed -- meaning that the
> next path to be handled would have two paths concatenated. This path
> used to use die_errno() instead of continue prior to commit 396049e5fb62
> ("git-clean: refactor git-clean into two phases", 2013-06-25), but my
> understanding of how correct_untracked_entries() works is that it will
> prevent both dir/ and dir/file from being in the list to clean so this
> should be dead code and the die_errno() should be safe. But I hesitate
> to remove it since I am not certain. Instead, just fix it to avoid path
> corruption in case it is possible to reach this continue statement.
>
> Signed-off-by: Elijah Newren <newren@gmail.com>
> ---
> builtin/clean.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/builtin/clean.c b/builtin/clean.c
> index 6030842f3a..ccb6e23f0b 100644
> --- a/builtin/clean.c
> +++ b/builtin/clean.c
> @@ -1028,8 +1028,10 @@ int cmd_clean(int argc, const char **argv, const char *prefix)
> * recursive directory removal, so lstat() here could
> * fail with ENOENT.
> */
> - if (lstat(abs_path.buf, &st))
> + if (lstat(abs_path.buf, &st)) {
> + strbuf_reset(&abs_path);
> continue;
> + }
I wonder whether it would be safer to call strbuf_reset() at the start
of each loop iteration instead of before 'continue'. That way we
wouldn't have to worry about another 'continue' statements forgetting
about it.
It probably doesn't really matter in this particular case (considering
that it's potentially dead code to begin with), but have a look at
e.g. diff.c:show_stats() and its several strbuf_reset(&out) calls
preceeding continue statements.
> if (S_ISDIR(st.st_mode)) {
> if (remove_dirs(&abs_path, prefix, rm_flags, dry_run, quiet, &gone))
> --
> 2.22.1.11.g45a39ee867
>
next prev parent reply other threads:[~2019-09-05 19:27 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-25 18:59 [PATCH] t7300-clean: demonstrate deleting nested repo with an ignored file breakage SZEDER Gábor
2019-08-25 20:34 ` SZEDER Gábor
2019-08-25 22:32 ` Philip Oakley
2019-08-26 7:48 ` SZEDER Gábor
2019-09-05 15:47 ` [RFC PATCH v2 00/12] Fix some git clean issues Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 01/12] t7300: Add some testcases showing failure to clean specified pathspecs Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 02/12] dir: fix typo in comment Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 03/12] dir: fix off-by-one error in match_pathspec_item Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 04/12] dir: Directories should be checked for matching pathspecs too Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 05/12] dir: Make the DO_MATCH_SUBMODULE code reusable for a non-submodule case Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 06/12] dir: If our pathspec might match files under a dir, recurse into it Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 07/12] dir: add commentary explaining match_pathspec_item's return value Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 08/12] git-clean.txt: do not claim we will delete files with -n/--dry-run Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 09/12] clean: disambiguate the definition of -d Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 10/12] clean: avoid removing untracked files in a nested git repository Elijah Newren
2019-09-05 21:20 ` SZEDER Gábor
2019-09-05 15:47 ` [RFC PATCH v2 11/12] clean: rewrap overly long line Elijah Newren
2019-09-05 15:47 ` [RFC PATCH v2 12/12] clean: fix theoretical path corruption Elijah Newren
2019-09-05 19:27 ` SZEDER Gábor [this message]
2019-09-07 0:34 ` Elijah Newren
2019-09-05 19:01 ` [RFC PATCH v2 00/12] Fix some git clean issues SZEDER Gábor
2019-09-07 0:33 ` Elijah Newren
2019-09-12 22:12 ` [PATCH v3 " Elijah Newren
2019-09-12 22:12 ` [PATCH v3 01/12] t7300: add testcases showing failure to clean specified pathspecs Elijah Newren
2019-09-13 18:54 ` Junio C Hamano
2019-09-13 19:10 ` Elijah Newren
2019-09-13 20:29 ` Junio C Hamano
2019-09-12 22:12 ` [PATCH v3 02/12] dir: fix typo in comment Elijah Newren
2019-09-12 22:12 ` [PATCH v3 03/12] dir: fix off-by-one error in match_pathspec_item Elijah Newren
2019-09-13 19:05 ` Junio C Hamano
2019-09-12 22:12 ` [PATCH v3 04/12] dir: also check directories for matching pathspecs Elijah Newren
2019-09-12 22:12 ` [PATCH v3 05/12] dir: make the DO_MATCH_SUBMODULE code reusable for a non-submodule case Elijah Newren
2019-09-12 22:12 ` [PATCH v3 06/12] dir: if our pathspec might match files under a dir, recurse into it Elijah Newren
2019-09-13 19:45 ` Junio C Hamano
2019-09-12 22:12 ` [PATCH v3 07/12] dir: add commentary explaining match_pathspec_item's return value Elijah Newren
2019-09-13 20:04 ` Junio C Hamano
2019-09-12 22:12 ` [PATCH v3 08/12] git-clean.txt: do not claim we will delete files with -n/--dry-run Elijah Newren
2019-09-12 22:12 ` [PATCH v3 09/12] clean: disambiguate the definition of -d Elijah Newren
2019-09-12 22:12 ` [PATCH v3 10/12] clean: avoid removing untracked files in a nested git repository Elijah Newren
2019-09-12 22:12 ` [PATCH v3 11/12] clean: rewrap overly long line Elijah Newren
2019-09-12 22:12 ` [PATCH v3 12/12] clean: fix theoretical path corruption Elijah Newren
2019-09-17 16:34 ` [PATCH v4 00/12] Fix some git clean issues Elijah Newren
2019-09-17 16:34 ` [PATCH v4 01/12] t7300: add testcases showing failure to clean specified pathspecs Elijah Newren
2019-09-17 16:34 ` [PATCH v4 02/12] dir: fix typo in comment Elijah Newren
2019-09-17 16:34 ` [PATCH v4 03/12] dir: fix off-by-one error in match_pathspec_item Elijah Newren
2019-09-17 16:34 ` [PATCH v4 04/12] dir: also check directories for matching pathspecs Elijah Newren
2019-09-25 20:39 ` [BUG] git is segfaulting, was " Denton Liu
2019-09-25 21:28 ` Elijah Newren
2019-09-25 21:55 ` Denton Liu
2019-09-26 20:35 ` Denton Liu
2019-09-27 0:12 ` Elijah Newren
2019-09-27 1:09 ` SZEDER Gábor
2019-09-27 2:17 ` SZEDER Gábor
2019-09-27 17:10 ` Denton Liu
2019-09-30 19:11 ` [PATCH] dir: special case check for the possibility that pathspec is NULL Elijah Newren
2019-09-30 22:31 ` Denton Liu
2019-10-01 7:01 ` Elijah Newren
2019-10-01 18:30 ` [PATCH v2] " Elijah Newren
2019-10-01 18:40 ` Denton Liu
2019-10-01 18:54 ` Elijah Newren
2019-10-01 18:55 ` [PATCH v3] " Elijah Newren
2019-10-01 19:35 ` Denton Liu
2019-10-01 19:39 ` Elijah Newren
2019-10-02 15:51 ` Elijah Newren
2019-10-07 18:04 ` SZEDER Gábor
2019-09-17 16:34 ` [PATCH v4 05/12] dir: make the DO_MATCH_SUBMODULE code reusable for a non-submodule case Elijah Newren
2019-09-17 16:34 ` [PATCH v4 06/12] dir: if our pathspec might match files under a dir, recurse into it Elijah Newren
2019-09-17 16:34 ` [PATCH v4 07/12] dir: add commentary explaining match_pathspec_item's return value Elijah Newren
2019-09-17 16:35 ` [PATCH v4 08/12] git-clean.txt: do not claim we will delete files with -n/--dry-run Elijah Newren
2019-09-17 16:35 ` [PATCH v4 09/12] clean: disambiguate the definition of -d Elijah Newren
2019-09-17 16:35 ` [PATCH v4 10/12] clean: avoid removing untracked files in a nested git repository Elijah Newren
2019-09-17 16:35 ` [PATCH v4 11/12] clean: rewrap overly long line Elijah Newren
2019-09-17 16:35 ` [PATCH v4 12/12] clean: fix theoretical path corruption Elijah Newren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190905192744.GB32087@szeder.dev \
--to=szeder.dev@gmail.com \
--cc=git@vger.kernel.org \
--cc=newren@gmail.com \
--cc=peff@peff.net \
--cc=rafa.almas@gmail.com \
--cc=sxlijin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).