Jeff King <peff@xxxxxxxx> writes:
> On Tue, Jan 07, 2020 at 06:31:27PM -0800, Emily Shaffer wrote:
>
>> This issue came in via a bugreport from a user who had done some nasty
>> things like deleting various files in .git/ (and then couldn't remember
>> how they had done it). The concern was primarily that a segfault is ugly
>> and scary, and possibly dangerous; I didn't see much problem with
>> checking for index-out-of-range if the result is a fatal error
>> regardless.
>>
>> [...]
>> if (pos >= 0)
>> BUG("This is a directory and should not exist in index");
>> pos = -pos - 1;
>> - if (!starts_with(o->src_index->cache[pos]->name, name.buf) ||
>> + if (pos >= o->src_index->cache_nr ||
>> + !starts_with(o->src_index->cache[pos]->name, name.buf) ||
>> (pos > 0 && starts_with(o->src_index->cache[pos-1]->name, name.buf)))
>> - BUG("pos must point at the first entry in this directory");
>> + BUG("pos %d doesn't point to the first entry of %s in index",
>> + pos, name.buf);
>
> The new condition you added looks correct to me. I suspect this BUG()
> should not be a BUG() at all, though. It's not necessarily a logic error
> inside Git, but as you showed it could indicate corrupt data we read
> from disk. The true is probably same of the "pos >= 0" condition checked
> above.
It does not sound like a BUG to me, either, but the new condition
does look correct to me, too. We can turn it into die() later if
somebody truly cares ;-)
Thanks, both. Will queue.
> It's mostly an academic distinction, though, as I think it would be
> pretty reasonable for now to just die() here (eventually, though, we
> might want to turn it into an error return).
>
> -Peff
