From: "René Scharfe" <l.s.r@web.de>
To: Vegard Nossum <vegard.nossum@oracle.com>,
Junio C Hamano <gitster@pobox.com>,
git@vger.kernel.org
Cc: Christian Couder <christian.couder@gmail.com>,
Michal Zalewski <lcamtuf@google.com>
Subject: Re: [PATCH 2/2] apply: handle assertion failure gracefully
Date: Tue, 27 Jun 2017 19:03:47 +0200 [thread overview]
Message-ID: <ef6886c0-d567-ced1-3caf-98bd5557c580@web.de> (raw)
In-Reply-To: <20170225101307.24067-2-vegard.nossum@oracle.com>
Am 25.02.2017 um 11:13 schrieb Vegard Nossum:
> For the patches in the added testcases, we were crashing with:
>
> git-apply: apply.c:3665: check_preimage: Assertion `patch->is_new <= 0' failed.
> diff --git a/t/t4154-apply-git-header.sh b/t/t4154-apply-git-header.sh
> index d651af4a2..c440c48ad 100755
> --- a/t/t4154-apply-git-header.sh
> +++ b/t/t4154-apply-git-header.sh
> @@ -12,4 +12,40 @@ rename new 0
> EOF
> '
>
> +test_expect_success 'apply deleted file mode / new file mode / wrong mode' '
> + test_must_fail git apply << EOF
> +diff --git a/. b/.
> +deleted file mode
> +new file mode
> +EOF
> +'
-- >8 --
Subject: [PATCH] apply: check git diffs for invalid file modes
An empty string as mode specification is accepted silently by git apply,
as Vegard Nossum found out using AFL. It's interpreted as zero. Reject
such bogus file modes, and only accept ones consisting exclusively of
octal digits.
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
---
apply.c | 17 ++++++++++++-----
t/t4129-apply-samemode.sh | 16 +++++++++++++++-
2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/apply.c b/apply.c
index 8a5e44c474..db38bc3cdd 100644
--- a/apply.c
+++ b/apply.c
@@ -1001,20 +1001,27 @@ static int gitdiff_newname(struct apply_state *state,
DIFF_NEW_NAME);
}
+static int parse_mode_line(const char *line, int linenr, unsigned int *mode)
+{
+ char *end;
+ *mode = strtoul(line, &end, 8);
+ if (end == line || !isspace(*end))
+ return error(_("invalid mode on line %d: %s"), linenr, line);
+ return 0;
+}
+
static int gitdiff_oldmode(struct apply_state *state,
const char *line,
struct patch *patch)
{
- patch->old_mode = strtoul(line, NULL, 8);
- return 0;
+ return parse_mode_line(line, state->linenr, &patch->old_mode);
}
static int gitdiff_newmode(struct apply_state *state,
const char *line,
struct patch *patch)
{
- patch->new_mode = strtoul(line, NULL, 8);
- return 0;
+ return parse_mode_line(line, state->linenr, &patch->new_mode);
}
static int gitdiff_delete(struct apply_state *state,
@@ -1128,7 +1135,7 @@ static int gitdiff_index(struct apply_state *state,
memcpy(patch->new_sha1_prefix, line, len);
patch->new_sha1_prefix[len] = 0;
if (*ptr == ' ')
- patch->old_mode = strtoul(ptr+1, NULL, 8);
+ return gitdiff_oldmode(state, ptr + 1, patch);
return 0;
}
diff --git a/t/t4129-apply-samemode.sh b/t/t4129-apply-samemode.sh
index c268298eaf..5cdd76dfa7 100755
--- a/t/t4129-apply-samemode.sh
+++ b/t/t4129-apply-samemode.sh
@@ -13,7 +13,9 @@ test_expect_success setup '
echo modified >file &&
git diff --stat -p >patch-0.txt &&
chmod +x file &&
- git diff --stat -p >patch-1.txt
+ git diff --stat -p >patch-1.txt &&
+ sed "s/^\(new mode \).*/\1/" <patch-1.txt >patch-empty-mode.txt &&
+ sed "s/^\(new mode \).*/\1garbage/" <patch-1.txt >patch-bogus-mode.txt
'
test_expect_success FILEMODE 'same mode (no index)' '
@@ -59,4 +61,16 @@ test_expect_success FILEMODE 'mode update (index only)' '
git ls-files -s file | grep "^100755"
'
+test_expect_success FILEMODE 'empty mode is rejected' '
+ git reset --hard &&
+ test_must_fail git apply patch-empty-mode.txt 2>err &&
+ test_i18ngrep "invalid mode" err
+'
+
+test_expect_success FILEMODE 'bogus mode is rejected' '
+ git reset --hard &&
+ test_must_fail git apply patch-bogus-mode.txt 2>err &&
+ test_i18ngrep "invalid mode" err
+'
+
test_done
--
2.13.2
next prev parent reply other threads:[~2017-06-27 17:04 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-25 10:13 [PATCH 1/2] apply: guard against renames of non-existant empty files Vegard Nossum
2017-02-25 10:13 ` [PATCH 2/2] apply: handle assertion failure gracefully Vegard Nossum
2017-02-25 21:21 ` René Scharfe
2017-02-27 20:04 ` Junio C Hamano
2017-02-27 22:18 ` René Scharfe
2017-02-27 22:33 ` Junio C Hamano
2017-02-28 10:50 ` René Scharfe
2017-06-27 17:03 ` René Scharfe
2017-06-27 18:08 ` Junio C Hamano
2017-06-27 20:20 ` René Scharfe
2017-06-27 21:39 ` Junio C Hamano
2017-06-27 17:03 ` René Scharfe [this message]
2017-02-25 11:59 ` [PATCH 1/2] apply: guard against renames of non-existant empty files Philip Oakley
2017-02-25 12:06 ` Vegard Nossum
2017-02-25 12:47 ` Philip Oakley
2017-02-25 20:51 ` René Scharfe
2017-02-27 20:10 ` Junio C Hamano
2017-02-27 22:18 ` René Scharfe
2017-06-27 17:03 ` René Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef6886c0-d567-ced1-3caf-98bd5557c580@web.de \
--to=l.s.r@web.de \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=lcamtuf@google.com \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).