Looking at the SHA1 validation code due to the corruption that Alexander
Litvinov is seeing under Cygwin, I notice that one of the most central
places where we read objects, we actually do end up verifying the SHA1 of
the result, but then we happily parse it anyway.
And using "printf" to write the error message means that it not only can
get lost, but will actually mess up stdout, and cause other strange and
hard-to-debug failures downstream.
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
---
Of course, messing up stdout is actually a good way to make sure that
anything that pipes stdout to another process will cause a failure in the
reading process, which is likely why we did it that way in the first
place. But any pipeline really *should* check the source process exit
status anyway, and it looks rather dangerous to return a valid object as
if nothing bad had happened!
NOTE! A lot of things don't do a "parse_object" at all, but use the raw
"read_sha1_file()" interface. So this won't catch all corrupted objects
when they are used, but since we already did the check there, we should at
least do the right thing.
Linus
---
object.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/object.c b/object.c
index 5b46889..78a44a6 100644
--- a/object.c
+++ b/object.c
@@ -184,8 +184,10 @@ struct object *parse_object(const unsigned char *sha1)
if (buffer) {
struct object *obj;
- if (check_sha1_signature(sha1, buffer, size, typename(type)) < 0)
- printf("sha1 mismatch %s\n", sha1_to_hex(sha1));
+ if (check_sha1_signature(sha1, buffer, size, typename(type)) < 0) {
+ error("sha1 mismatch %s\n", sha1_to_hex(sha1));
+ return NULL;
+ }
obj = parse_object_buffer(sha1, type, size, buffer, &eaten);
if (!eaten)
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html