git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: "ZheNing Hu via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>,
	Johannes Schindelin <Johannes.Schindelin@gmx.de>,
	ZheNing Hu <adlternative@gmail.com>,
	ZheNing Hu <adlternative@gmail.com>
Subject: [PATCH v2] [GSOC] ref-filter: fix read invalid union member bug
Date: Thu, 06 May 2021 16:31:16 +0000	[thread overview]
Message-ID: <pull.949.v2.git.1620318676776.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.949.git.1620228664666.gitgitgadget@gmail.com>

From: ZheNing Hu <adlternative@gmail.com>

used_atom.u is an union, and it has different members depending on
what atom the auxiliary data the union part of the "struct
used_atom" wants to record.  At most only one of the members can be
valid at any one time.  Since the code checks u.remote_ref without
even making sure if the atom is "push" or "push:" (which are only
two cases that u.remote_ref.push becomes valid), but u.remote_ref
shares the same storage for other members of the union, the check
was reading from an invalid member, which was the bug.

Modify the condition here to first check whether the atom name
starts with "push", and then check u.remote_ref, to avoid reading
the value of invalid member of the union.

Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: ZheNing Hu <adlternative@gmail.com>
---
    [GSOC] ref-filter: fix read invalid union member bug
    
    Change from last version: Modified the documentation description with
    the help of Junio. And modify the processing method of the condition:
    check whether the name of the atom starts with "push" and whether
    u.remote_ref is non-zero.

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-949%2Fadlternative%2Fref-filter-enum-bug-fix-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-949/adlternative/ref-filter-enum-bug-fix-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/949

Range-diff vs v1:

 1:  e51ca176f76b ! 1:  0e1923c9d722 [GSOC] ref-filter: solve bugs caused by enumeration
     @@ Metadata
      Author: ZheNing Hu <adlternative@gmail.com>
      
       ## Commit message ##
     -    [GSOC] ref-filter: solve bugs caused by enumeration
     +    [GSOC] ref-filter: fix read invalid union member bug
      
     -    Johannes Schindelin seems to have introduced a bug in
     -    cc72385f(for-each-ref: let upstream/push optionally
     -    report the remote name), it use `atom->u.remote_ref.option`
     -    which is a member of enumeration in the judgment statement.
     -    When we use other members in the enumeration `used_atom.u`,
     -    and it happened to fill in `remote_ref.push`, this judgment
     -    may still be established and produces errors. So replace the
     -    judgment statement with `starts_with(name, "push")` to fix
     -    the error.
     +    used_atom.u is an union, and it has different members depending on
     +    what atom the auxiliary data the union part of the "struct
     +    used_atom" wants to record.  At most only one of the members can be
     +    valid at any one time.  Since the code checks u.remote_ref without
     +    even making sure if the atom is "push" or "push:" (which are only
     +    two cases that u.remote_ref.push becomes valid), but u.remote_ref
     +    shares the same storage for other members of the union, the check
     +    was reading from an invalid member, which was the bug.
      
     +    Modify the condition here to first check whether the atom name
     +    starts with "push", and then check u.remote_ref, to avoid reading
     +    the value of invalid member of the union.
     +
     +    Helped-by: Junio C Hamano <gitster@pobox.com>
          Signed-off-by: ZheNing Hu <adlternative@gmail.com>
      
       ## ref-filter.c ##
     @@ ref-filter.c: static int populate_value(struct ref_array_item *ref, struct strbu
       				v->s = xstrdup("");
       			continue;
      -		} else if (atom->u.remote_ref.push) {
     -+		} else if (starts_with(name, "push")) {
     ++		} else if (starts_with(name, "push") && atom->u.remote_ref.push) {
       			const char *branch_name;
       			v->s = xstrdup("");
       			if (!skip_prefix(ref->refname, "refs/heads/",


 ref-filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ref-filter.c b/ref-filter.c
index a0adb4551d87..750b25914b82 100644
--- a/ref-filter.c
+++ b/ref-filter.c
@@ -1730,7 +1730,7 @@ static int populate_value(struct ref_array_item *ref, struct strbuf *err)
 			else
 				v->s = xstrdup("");
 			continue;
-		} else if (atom->u.remote_ref.push) {
+		} else if (starts_with(name, "push") && atom->u.remote_ref.push) {
 			const char *branch_name;
 			v->s = xstrdup("");
 			if (!skip_prefix(ref->refname, "refs/heads/",

base-commit: 311531c9de557d25ac087c1637818bd2aad6eb3a
-- 
gitgitgadget

  parent reply	other threads:[~2021-05-06 16:31 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-05 15:31 [PATCH] [GSOC] ref-filter: solve bugs caused by enumeration ZheNing Hu via GitGitGadget
2021-05-06  1:53 ` Junio C Hamano
2021-05-06  5:02   ` ZheNing Hu
2021-05-06  5:35     ` Junio C Hamano
2021-05-06 10:39       ` ZheNing Hu
2021-05-06 11:20         ` Junio C Hamano
2021-05-06 11:52           ` ZheNing Hu
2021-05-06 21:20             ` Junio C Hamano
2021-05-07  4:32               ` ZheNing Hu
2021-05-07  4:49                 ` Junio C Hamano
2021-05-07  5:09                   ` ZheNing Hu
2021-05-06 16:31 ` ZheNing Hu via GitGitGadget [this message]
2021-05-08 15:26   ` [PATCH v3] [GSOC] ref-filter: fix read invalid union member bug ZheNing Hu via GitGitGadget
2021-05-10  7:21     ` Junio C Hamano
2021-05-10 12:35       ` ZheNing Hu
2021-05-10  7:27     ` Junio C Hamano
2021-05-10 12:51       ` ZheNing Hu
2021-05-10 15:01     ` [PATCH v4] " ZheNing Hu via GitGitGadget
2021-05-11  2:29       ` Junio C Hamano
2021-05-11  6:28         ` ZheNing Hu
2021-05-11  9:30           ` Junio C Hamano
2021-05-11 11:47             ` ZheNing Hu
2021-05-11 13:12               ` Junio C Hamano
2021-05-11 13:31                 ` ZheNing Hu
2021-05-11 15:35       ` [PATCH v5] " ZheNing Hu via GitGitGadget
2021-05-12  1:36         ` Junio C Hamano
2021-05-12 10:37           ` ZheNing Hu
2021-05-12 12:12         ` [PATCH v6] " ZheNing Hu via GitGitGadget
2021-05-12 23:24           ` Junio C Hamano
2021-05-13  9:29             ` ZheNing Hu
2021-05-13 15:13           ` [PATCH v7] " ZheNing Hu via GitGitGadget

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=pull.949.v2.git.1620318676776.gitgitgadget@gmail.com \
    --to=gitgitgadget@gmail.com \
    --cc=Johannes.Schindelin@gmx.de \
    --cc=adlternative@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).