Jeff King <peff@xxxxxxxx> writes:
>> + const char *buffer_begin = buffer;
>>
>> if (verify_headers(buffer, size, &commit->object, options))
>> return -1;
>
> You need this "buffer_begin" because we move the "buffer" pointer
> forward as we parse. But perhaps whole-buffer checks should simply go at
> the top (next to verify_headers) before we start advancing the pointer.
> To me, that makes the function's flow more natural.
That was my second iteration. I didn't want the function return
with warning without checking more serious errors that may be in the
object.
> But alternatively...
>
>> @@ -671,6 +673,12 @@ static int fsck_commit_buffer(struct commit *commit, const char *buffer,
>> if (err)
>> return err;
>> }
>> + if (memchr(buffer_begin, '\0', size)) {
>> + err = report(options, &commit->object, FSCK_MSG_NUL_IN_COMMIT,
>> + "NUL byte in the commit object body");
>> + if (err)
>> + return err;
>> + }
>
> Here we've parsed to the end of the headers we know about. We know
> there's no NUL there, because verify_headers() would have complained.
> And because the individual header parsers would have complained. So I
> actually think we could check from "buffer" (of course we do still need
> to record the beginning of the buffer to adjust "size" appropriately).
Yes, keeping the "begin" pointer is a cheap way to do an equivalent
of "adjusting size".
> It's a little more efficient (we don't have to memchr over the same
> bytes again). But I'd worry a little that doing it that way would
> introduce coupling between this check and verify_headers(), though (so
> that if the latter ever changes, our check may start missing cases).
>
> So yet another alternative would be to include this check in
> verify_headers(). It would parse to the end of the headers as now, and
> then from there additionally look for a NUL in the body.
>
> Of the three approaches, I think I like that third one. It's the most
> efficient, and I think the flow is pretty clear. We'd probably want to
> rename verify_headers(), though. :)
Sounds sensible, except the "should a mere warning hide potentially
more serious errors?" question remains.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html