commit-graph.c: handle corrupt/missing trees

ttaylorr · gitster · commit 806278dead57 · 2019-09-09T10:55:59.000-07:00
Apply similar treatment as in the previous commit to handle an unchecked
call to 'get_commit_tree_oid()'. Previously, a NULL return value from
this function would be immediately dereferenced with '-&gt;hash', and then
cause a segfault.

Before dereferencing to access the 'hash' member, check the return value
of 'get_commit_tree_oid()' to make sure that it is not NULL.

To make this check correct, a related change is also needed in
'commit.c', which is to check the return value of 'get_commit_tree'
before taking its address. If 'get_commit_tree' returns NULL, we
encounter an undefined behavior when taking the address of the return
value of 'get_commit_tree' and then taking '-&gt;object.oid'. (On my system,
this is memory address 0x8, which is obviously wrong).

Fix this by making sure that 'get_commit_tree' returns something
non-NULL before digging through a structure that is not there, thus
preventing a segfault down the line in the commit graph code.

Signed-off-by: Taylor Blau &lt;me@ttaylorr.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/commit-graph.c b/commit-graph.c
@@ -839,14 +839,19 @@ static void write_graph_chunk_data(struct hashfile *f, int hash_len,
 
 	while (list < last) {
 		struct commit_list *parent;
+		struct object_id *tree;
 		int edge_value;
 		uint32_t packedDate[2];
 		display_progress(ctx->progress, ++ctx->progress_cnt);
 
 		if (parse_commit_no_graph(*list))
 			die(_("unable to parse commit %s"),
 				oid_to_hex(&(*list)->object.oid));
-		hashwrite(f, get_commit_tree_oid(*list)->hash, hash_len);
+		tree = get_commit_tree_oid(*list);
+		if (!tree)
+			die(_("unable to get tree for %s"),
+				oid_to_hex(&(*list)->object.oid));
+		hashwrite(f, tree->hash, hash_len);
 
 		parent = (*list)->parents;
 
diff --git a/commit.c b/commit.c
@@ -358,7 +358,8 @@ struct tree *repo_get_commit_tree(struct repository *r,
 
 struct object_id *get_commit_tree_oid(const struct commit *commit)
 {
-	return &get_commit_tree(commit)->object.oid;
+	struct tree *tree = get_commit_tree(commit);
+	return tree ? &tree->object.oid : NULL;
 }
 
 void release_commit_memory(struct parsed_object_pool *pool, struct commit *c)
diff --git a/t/t5318-commit-graph.sh b/t/t5318-commit-graph.sh
@@ -607,7 +607,7 @@ test_expect_success 'corrupt commit-graph write (broken parent)' '
 	)
 '
 
-test_expect_failure 'corrupt commit-graph write (missing tree)' '
+test_expect_success 'corrupt commit-graph write (missing tree)' '
 	rm -rf repo &&
 	git init repo &&
 	(

Original file line number	Diff line number	Diff line change
`@@ -358,7 +358,8 @@ struct tree repo_get_commit_tree(struct repository r,`
`358`	`358`
`359`	`359`	`struct object_id get_commit_tree_oid(const struct commit commit)`
`360`	`360`	`{`
`361`		`- return &get_commit_tree(commit)->object.oid;`
	`361`	`+ struct tree *tree = get_commit_tree(commit);`
	`362`	`+ return tree ? &tree->object.oid : NULL;`
`362`	`363`	`}`
`363`	`364`
`364`	`365`	`void release_commit_memory(struct parsed_object_pool pool, struct commit c)`
Original file line number	Diff line number	Diff line change
`@@ -607,7 +607,7 @@ test_expect_success 'corrupt commit-graph write (broken parent)' '`
`607`	`607`	`)`
`608`	`608`	`'`
`609`	`609`
`610`		`-test_expect_failure 'corrupt commit-graph write (missing tree)' '`
	`610`	`+test_expect_success 'corrupt commit-graph write (missing tree)' '`
`611`	`611`	`rm -rf repo &&`
`612`	`612`	`git init repo &&`
`613`	`613`	`(`