From: Taylor Blau <me@ttaylorr.com>
To: Glen Choo via GitGitGadget <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, Glen Choo <chooglen@google.com>
Subject: Re: [PATCH] config.c: NULL check when reading protected config
Date: Tue, 26 Jul 2022 13:27:21 -0400 [thread overview]
Message-ID: <YuAj+eBajf6jkJPc@nand.local> (raw)
In-Reply-To: <pull.1299.git.git.1658855372189.gitgitgadget@gmail.com>
On Tue, Jul 26, 2022 at 05:09:32PM +0000, Glen Choo via GitGitGadget wrote:
> From: Glen Choo <chooglen@google.com>
>
> In read_protected_config(), check whether each file name is NULL before
> attempting to read it. This mirrors do_git_config_sequence() (which
> read_protected_config() is modelled after).
s/modelled/modeled
> Without these NULL checks,
>
> make SANITIZE=address test T=t0410*.sh
I'm glad that t0410 was catching this for us already, though it is too
bad we didn't see it outside of the ASan builds, or I think we could
have potentially caught this earlier.
Either way, I think the test coverage here is sufficient, so what you
wrote makes sense.
> diff --git a/config.c b/config.c
> index 015bec360f5..b0ba7f439a4 100644
> --- a/config.c
> +++ b/config.c
> @@ -2645,9 +2645,12 @@ static void read_protected_config(void)
> system_config = git_system_config();
> git_global_config(&user_config, &xdg_config);
>
> - git_configset_add_file(&protected_config, system_config);
> - git_configset_add_file(&protected_config, xdg_config);
> - git_configset_add_file(&protected_config, user_config);
> + if (system_config)
> + git_configset_add_file(&protected_config, system_config);
> + if (xdg_config)
> + git_configset_add_file(&protected_config, xdg_config);
> + if (user_config)
> + git_configset_add_file(&protected_config, user_config);
> git_configset_add_parameters(&protected_config);
I wonder: should it become a BUG() to call git_configset_add_file() with
a NULL filename? That would have elevated the test failure outside of
just the ASAn builds, I'd think.
There's certainty a risk of being too defensive, but elevating this
error beyond just the ASan builds indicates that this would be an
appropriate layer of defense IMHO.
Thanks,
Taylor
next prev parent reply other threads:[~2022-07-26 17:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-26 17:09 [PATCH] config.c: NULL check when reading protected config Glen Choo via GitGitGadget
2022-07-26 17:27 ` Taylor Blau [this message]
2022-07-26 17:40 ` Glen Choo
2022-07-26 17:43 ` Taylor Blau
2022-07-26 17:51 ` Derrick Stolee
2022-07-26 19:42 ` Glen Choo
2022-07-26 19:03 ` Ævar Arnfjörð Bjarmason
2022-07-26 19:59 ` Glen Choo
2022-07-27 9:08 ` Ævar Arnfjörð Bjarmason
2022-07-26 22:21 ` [PATCH v2] " Glen Choo via GitGitGadget
2022-07-27 9:12 ` nonnull v.s. BUG() if !x (was: [PATCH v2] config.c: NULL check when reading protected config) Ævar Arnfjörð Bjarmason
2022-07-27 17:07 ` Glen Choo
2022-07-27 15:00 ` [PATCH v2] config.c: NULL check when reading protected config Junio C Hamano
2022-07-27 16:52 ` Glen Choo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YuAj+eBajf6jkJPc@nand.local \
--to=me@ttaylorr.com \
--cc=chooglen@google.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).