From: keita <rudykeita@proton.me>
To: "git@vger.kernel.org" <git@vger.kernel.org>
Cc: "outreachy@gitgitgadget.github.io" <outreachy@gitgitgadget.github.io>
Subject: [PATCH] fsck: use starts_with() in fsck_commit()
Date: Fri, 31 Oct 2025 22:00:27 +0000 [thread overview]
Message-ID: <q4heOh8stc94r_P5mX-tucCyqQ1JdGP2dJ9Dot3WTyDboRWsboWMAIoCQIXuyuRvNRmN5AGQYjhmAnjuxgOXNooUDjPAEEvKPc2k_DCDEtY=@proton.me> (raw)
From 30136adebaffb97edacae2c58c4ea491e39e3f5b Mon Sep 17 00:00:00 2001From: Songiso Cooper Lyambai <rudykeita@proton.me>
Date: Fri, 31 Oct 2025 23:45:23 +0200
Subject: [PATCH] fsck: use starts_with() in fsck_commit()
Replace manual buffer checks with starts_with() for safety and clarity.
This avoids buffer overreads and follows Git's idiomatic style used
Signed-off-by: Songiso Cooper Lyambai <rudykeita@proton.me>
---
fsck.c | 124 +++++++++++++++++++++++++++++++--------------------------
1 file changed, 67 insertions(+), 57 deletions(-)
diff --git a/fsck.c b/fsck.c
index 341e100d24..7172c4ff1c 100644
--- a/fsck.c
+++ b/fsck.c
@@ -921,67 +921,77 @@ static int fsck_ident(const char **ident,
}
static int fsck_commit(const struct object_id *oid,
- const char *buffer, unsigned long size,
- struct fsck_options *options)
+ const char *buffer, unsigned long size,
+ struct fsck_options *options)
{
- struct object_id tree_oid, parent_oid;
- unsigned author_count;
- int err;
- const char *buffer_begin = buffer;
- const char *buffer_end = buffer + size;
- const char *p;
+ struct object_id tree_oid, parent_oid;
+ unsigned author_count = 0;
+ int err = 0;
+ const char *buffer_end = buffer + size;
+ const char *p;
- /*
- * We _must_ stop parsing immediately if this reports failure, as the
- * memory safety of the rest of the function depends on it. See the
- * comment above the definition of verify_headers() for more details.
- */
- if (verify_headers(buffer, size, oid, OBJ_COMMIT, options))
- return -1;
- if (buffer >= buffer_end || !skip_prefix(buffer, "tree ", &buffer))
- return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_TREE, "invalid format - expected 'tree' line");
- if (parse_oid_hex(buffer, &tree_oid, &p) || *p != '\n') {
- err = report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_TREE_SHA1, "invalid 'tree' line format - bad sha1");
- if (err)
- return err;
- }
- buffer = p + 1;
- while (buffer < buffer_end && skip_prefix(buffer, "parent ", &buffer)) {
- if (parse_oid_hex(buffer, &parent_oid, &p) || *p != '\n') {
- err = report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_PARENT_SHA1, "invalid 'parent' line format - bad sha1");
- if (err)
- return err;
- }
- buffer = p + 1;
- }
- author_count = 0;
- while (buffer < buffer_end && skip_prefix(buffer, "author ", &buffer)) {
- author_count++;
- err = fsck_ident(&buffer, oid, OBJ_COMMIT, options);
- if (err)
- return err;
- }
- if (author_count < 1)
- err = report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_AUTHOR, "invalid format - expected 'author' line");
- else if (author_count > 1)
- err = report(options, oid, OBJ_COMMIT, FSCK_MSG_MULTIPLE_AUTHORS, "invalid format - multiple 'author' lines");
- if (err)
- return err;
- if (buffer >= buffer_end || !skip_prefix(buffer, "committer ", &buffer))
- return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_COMMITTER, "invalid format - expected 'committer' line");
- err = fsck_ident(&buffer, oid, OBJ_COMMIT, options);
- if (err)
- return err;
- if (memchr(buffer_begin, '\0', size)) {
- err = report(options, oid, OBJ_COMMIT, FSCK_MSG_NUL_IN_COMMIT,
- "NUL byte in the commit object body");
- if (err)
- return err;
- }
- return 0;
+ /*
+ * We _must_ stop parsing immediately if this reports failure, as the
+ * memory safety of the rest of the function depends on it. See the
+ * comment above the definition of verify_headers() for more details.
+ */
+
+ if (verify_headers(buffer, size, oid, OBJ_COMMIT, options))
+ return -1;
+
+
+ if (!skip_prefix(buffer, "tree ", &buffer))
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_TREE,
+ "invalid format - expected 'tree' line");
+ if (parse_oid_hex(buffer, &tree_oid, &p) || *p != '\n') {
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_TREE_SHA1,
+ "invalid 'tree' line format - bad sha1");
+ }
+ buffer = p + 1;
+
+ while (starts_with(buffer, "parent ")) {
+ if (!skip_prefix(buffer, "parent ", &buffer) ||
+ parse_oid_hex(buffer, &parent_oid, &p) || *p != '\n') {
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_PARENT_SHA1,
+ "invalid 'parent' line format - bad sha1");
+ }
+ buffer = p + 1;
+ }
+
+ while (starts_with(buffer, "author ")) {
+ author_count++;
+ if (!skip_prefix(buffer, "author ", &buffer))
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_AUTHOR,
+ "invalid format - expected 'author' line");
+ if ((err = fsck_ident(&buffer, oid, OBJ_COMMIT, options)))
+ return err;
+ }
+
+ if (author_count < 1)
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_AUTHOR,
+ "invalid format - expected 'author' line");
+ if (author_count > 1)
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MULTIPLE_AUTHORS,
+ "invalid format - multiple 'author' lines");
+
+ if (!starts_with(buffer, "committer "))
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_COMMITTER,
+ "invalid format - expected 'committer' line");
+
+ if (!skip_prefix(buffer, "committer ", &buffer))
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_COMMITTER,
+ "invalid format - expected 'committer' line");
+
+ if ((err = fsck_ident(&buffer, oid, OBJ_COMMIT, options)))
+ return err;
+
+ if (memchr(buffer, '\0', buffer_end - buffer))
+ return report(options, oid, OBJ_COMMIT, FSCK_MSG_NUL_IN_COMMIT,
+ "NUL byte in the commit object body");
+
+ return 0;
}
next reply other threads:[~2025-10-31 22:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 22:00 keita [this message]
2025-11-01 14:59 ` [PATCH] fsck: use starts_with() in fsck_commit() Christian Couder
2025-11-02 3:58 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='q4heOh8stc94r_P5mX-tucCyqQ1JdGP2dJ9Dot3WTyDboRWsboWMAIoCQIXuyuRvNRmN5AGQYjhmAnjuxgOXNooUDjPAEEvKPc2k_DCDEtY=@proton.me' \
--to=rudykeita@proton.me \
--cc=git@vger.kernel.org \
--cc=outreachy@gitgitgadget.github.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).