On Tue, Jan 07, 2020 at 06:31:27PM -0800, Emily Shaffer wrote:
> This issue came in via a bugreport from a user who had done some nasty
> things like deleting various files in .git/ (and then couldn't remember
> how they had done it). The concern was primarily that a segfault is ugly
> and scary, and possibly dangerous; I didn't see much problem with
> checking for index-out-of-range if the result is a fatal error
> regardless.
>
> [...]
> if (pos >= 0)
> BUG("This is a directory and should not exist in index");
> pos = -pos - 1;
> - if (!starts_with(o->src_index->cache[pos]->name, name.buf) ||
> + if (pos >= o->src_index->cache_nr ||
> + !starts_with(o->src_index->cache[pos]->name, name.buf) ||
> (pos > 0 && starts_with(o->src_index->cache[pos-1]->name, name.buf)))
> - BUG("pos must point at the first entry in this directory");
> + BUG("pos %d doesn't point to the first entry of %s in index",
> + pos, name.buf);
The new condition you added looks correct to me. I suspect this BUG()
should not be a BUG() at all, though. It's not necessarily a logic error
inside Git, but as you showed it could indicate corrupt data we read
from disk. The true is probably same of the "pos >= 0" condition checked
above.
It's mostly an academic distinction, though, as I think it would be
pretty reasonable for now to just die() here (eventually, though, we
might want to turn it into an error return).
-Peff
