Thomas Gummerer <t.gummerer@xxxxxxxxx> writes:
> gcc on arch linux (version 7.1.1) warns that a NULL argument is passed
> as the second parameter of memcpy.
>
> In file included from refs.c:5:0:
> refs.c: In function ‘ref_transaction_verify’:
> cache.h:948:2: error: argument 2 null where non-null expected [-Werror=nonnull]
> memcpy(sha_dst, sha_src, GIT_SHA1_RAWSZ);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from git-compat-util.h:165:0,
> from cache.h:4,
> from refs.c:5:
> /usr/include/string.h:43:14: note: in a call to function ‘memcpy’ declared here
> extern void *memcpy (void *__restrict __dest, const void *__restrict __src,
> ^~~~~~
> ...
> diff --git a/refs.c b/refs.c
> index ba22f4acef..d8c12a9c44 100644
> --- a/refs.c
> +++ b/refs.c
> @@ -896,10 +896,14 @@ struct ref_update *ref_transaction_add_update(
>
> update->flags = flags;
>
> - if (flags & REF_HAVE_NEW)
> + if (flags & REF_HAVE_NEW) {
> + assert(new_sha1);
> hashcpy(update->new_oid.hash, new_sha1);
> - if (flags & REF_HAVE_OLD)
> + }
> + if (flags & REF_HAVE_OLD) {
> + assert(old_sha1);
> hashcpy(update->old_oid.hash, old_sha1);
> + }
It is hugely annoying to see a halfway-intelligent compiler forces
you to add such pointless asserts.
The only way the compiler could error on this is by inferring the
fact that new_sha1/old_sha1 could be NULL by looking at the callsite
in ref_transaction_update() where these are used as conditionals to
set HAVE_NEW/HAVE_OLD that are passed. Even if the compiler were
doing the whole-program analysis, the other two callsites of the
function pass the address of oid.hash[] in an oid structure so it
should know these won't be NULL.
Or is the compiler being really dumb and triggering an error for
every use of
memcpy(dst, src, size);
that must now be written as
assert(src);
memcpy(dst, src, size);
??? That would be doubly annoying.
I wonder if REF_HAVE_NEW/REF_HAVE_OLD are really needed in these
codepaths, though. Perhaps we can instead declare !!new_sha1 means
we have the new side and rewrite the above part to
if (new_sha1)
hashcpy(update->new_oid.hash, new_sha1);
without an extra and totally pointless assert()?
> update->msg = xstrdup_or_null(msg);
> return update;
> }
