The commit-graph sub-commands 'write', 'verify' both take an
'--object-dir' argument, which is used to specify the location of an
object directory containing commit-graphs.
However, there was no verification that the '--object-dir' argument
was an object directory. In the case of an '--object-dir' argument that
either (1) doesn't exist, or (2) isn't an object directory, 'git
commit-graph ...' would exit silently with status zero.
This can clearly lead to unintended behavior, such as verifying
commit-graphs that aren't in a repository's own object store (or one of
its alternates), or causing a typo to mask a legitimate commit-graph
verification failure.
To remedy this, let's wrap 'find_odb()' with 'find_odb_or_die()' and
cause the above such errors to produce an error and non-zero exit code.
Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx>
---
Documentation/git-commit-graph.txt | 5 ++++-
builtin/commit-graph.c | 13 +++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/Documentation/git-commit-graph.txt b/Documentation/git-commit-graph.txt
index bcd85c1976..28d1fee505 100644
--- a/Documentation/git-commit-graph.txt
+++ b/Documentation/git-commit-graph.txt
@@ -26,7 +26,10 @@ OPTIONS
file. This parameter exists to specify the location of an alternate
that only has the objects directory, not a full `.git` directory. The
commit-graph file is expected to be in the `<dir>/info` directory and
- the packfiles are expected to be in `<dir>/pack`.
+ the packfiles are expected to be in `<dir>/pack`. If the directory
+ could not be made into an absolute path, or does not match any known
+ object directory, `git commit-graph ...` will exit with non-zero
+ status.
--[no-]progress::
Turn progress on/off explicitly. If neither is specified, progress is
diff --git a/builtin/commit-graph.c b/builtin/commit-graph.c
index 3edac318e8..93ff90d73b 100644
--- a/builtin/commit-graph.c
+++ b/builtin/commit-graph.c
@@ -34,6 +34,15 @@ static struct opts_commit_graph {
int progress;
} opts;
+static struct object_directory *find_odb_or_die(struct repository *r,
+ const char *obj_dir)
+{
+ struct object_directory *odb = find_odb(r, obj_dir);
+ if (!odb)
+ die(_("could not find object directory matching %s"), obj_dir);
+ return odb;
+}
+
static int graph_verify(int argc, const char **argv)
{
struct commit_graph *graph = NULL;
@@ -78,7 +87,7 @@ static int graph_verify(int argc, const char **argv)
graph = load_commit_graph_one_fd_st(fd, &st);
else {
struct object_directory *odb;
- if ((odb = find_odb(the_repository, opts.obj_dir)))
+ if ((odb = find_odb_or_die(the_repository, opts.obj_dir)))
graph = read_commit_graph_one(the_repository, odb);
}
@@ -149,7 +158,7 @@ static int graph_write(int argc, const char **argv)
flags |= COMMIT_GRAPH_WRITE_PROGRESS;
read_replace_refs = 0;
- odb = find_odb(the_repository, opts.obj_dir);
+ odb = find_odb_or_die(the_repository, opts.obj_dir);
if (opts.reachable) {
if (write_commit_graph_reachable(odb->path, flags, &split_opts))
--
2.25.0.dirty
