On Wed, Jan 08, 2020 at 09:30:36AM -0800, Junio C Hamano wrote:
> Jeff King <peff@xxxxxxxx> writes:
>
> > On Tue, Jan 07, 2020 at 06:31:27PM -0800, Emily Shaffer wrote:
> >
> >> This issue came in via a bugreport from a user who had done some nasty
> >> things like deleting various files in .git/ (and then couldn't remember
> >> how they had done it). The concern was primarily that a segfault is ugly
> >> and scary, and possibly dangerous; I didn't see much problem with
> >> checking for index-out-of-range if the result is a fatal error
> >> regardless.
> >>
> >> [...]
> >> if (pos >= 0)
> >> BUG("This is a directory and should not exist in index");
> >> pos = -pos - 1;
> >> - if (!starts_with(o->src_index->cache[pos]->name, name.buf) ||
> >> + if (pos >= o->src_index->cache_nr ||
> >> + !starts_with(o->src_index->cache[pos]->name, name.buf) ||
> >> (pos > 0 && starts_with(o->src_index->cache[pos-1]->name, name.buf)))
> >> - BUG("pos must point at the first entry in this directory");
> >> + BUG("pos %d doesn't point to the first entry of %s in index",
> >> + pos, name.buf);
> >
> > The new condition you added looks correct to me. I suspect this BUG()
> > should not be a BUG() at all, though. It's not necessarily a logic error
> > inside Git, but as you showed it could indicate corrupt data we read
> > from disk. The true is probably same of the "pos >= 0" condition checked
> > above.
>
> It does not sound like a BUG to me, either, but the new condition
> does look correct to me, too. We can turn it into die() later if
> somebody truly cares ;-)
>
> Thanks, both. Will queue.
Thanks much for the quick turnaround. If I hear more noise I'll give it
a try with die() or error code instead, but for now I'll move on to the
next bug on my list. :)
- Emily
