On Thu, Jan 30, 2020 at 04:28:17PM -0800, Taylor Blau wrote:
> diff --git a/commit-graph.c b/commit-graph.c
> index 6d34829f57..02e6ad9d1f 100644
> --- a/commit-graph.c
> +++ b/commit-graph.c
> @@ -1565,15 +1565,18 @@ static void split_graph_merge_strategy(struct write_commit_graph_context *ctx)
> num_commits = ctx->commits.nr;
> ctx->num_commit_graphs_after = ctx->num_commit_graphs_before + 1;
>
> - while (g && (g->num_commits <= size_mult * num_commits ||
> - (max_commits && num_commits > max_commits))) {
> - if (g->odb != ctx->odb)
> - break;
> + if (ctx->split_opts->flags != COMMIT_GRAPH_SPLIT_MERGE_PROHIBITED) {
This line segfaults in the tests 'fetch.writeCommitGraph' and
'fetch.writeCommitGraph with submodules' in 't5510-fetch.sh', because
'git fetch' doesn't pass a 'split_opts' to the commit-graph functions.
Thread 1 "git" received signal SIGSEGV, Segmentation fault.
0x00000000005113dd in split_graph_merge_strategy (ctx=0x9ca930)
at commit-graph.c:1568
1568 if (ctx->split_opts->flags != COMMIT_GRAPH_SPLIT_MERGE_PROHIBITED) {
(gdb) p *ctx
$1 = {r = 0x9ae2a0 <the_repo>, odb = 0x9c0df0, graph_name = 0x0, oids = {
list = 0xa02660, nr = 12, alloc = 1024}, commits = {list = 0x9caa00,
nr = 6, alloc = 6}, num_extra_edges = 0, approx_nr_objects = 0,
progress = 0x0, progress_done = 0, progress_cnt = 0, base_graph_name = 0x0,
num_commit_graphs_before = 0, num_commit_graphs_after = 1,
commit_graph_filenames_before = 0x0, commit_graph_filenames_after = 0x0,
commit_graph_hash_after = 0x0, new_num_commits_in_base = 0,
new_base_graph = 0x0, append = 0, report_progress = 1, split = 1,
check_oids = 0, split_opts = 0x0}
^^^^^^^^^^^^^^^^
(gdb) bt
#0 0x00000000005113dd in split_graph_merge_strategy (ctx=0x9ca930)
at commit-graph.c:1568
#1 0x0000000000512446 in write_commit_graph (odb=0x9c0df0, pack_indexes=0x0,
commit_hex=0x7fffffffd550,
flags=(COMMIT_GRAPH_WRITE_PROGRESS | COMMIT_GRAPH_WRITE_SPLIT),
split_opts=0x0) at commit-graph.c:1891
#2 0x000000000050fd86 in write_commit_graph_reachable (odb=0x9c0df0,
flags=(COMMIT_GRAPH_WRITE_PROGRESS | COMMIT_GRAPH_WRITE_SPLIT),
split_opts=0x0) at commit-graph.c:1174
^^^^^^^^^^^^^^
#3 0x0000000000444ea4 in cmd_fetch (argc=0, argv=0x7fffffffd9b8, prefix=0x0)
at builtin/fetch.c:1873
#4 0x0000000000406154 in run_builtin (p=0x969a88 <commands+840>, argc=2,
argv=0x7fffffffd9b0) at git.c:444
#5 0x00000000004064a4 in handle_builtin (argc=2, argv=0x7fffffffd9b0)
at git.c:674
#6 0x000000000040674c in run_argv (argcp=0x7fffffffd84c, argv=0x7fffffffd840)
at git.c:741
#7 0x0000000000406bbd in cmd_main (argc=2, argv=0x7fffffffd9b0) at git.c:872
#8 0x00000000004cfd4e in main (argc=5, argv=0x7fffffffd998)
at common-main.c:52
Note that this function split_graph_merge_strategy() does look at
various fields in 'ctx->split_opts' a bit earlier, but those accesses
are protected by a 'if (ctx->split_opts)' condition.
expire_commit_graphs() does the same.
> + while (g && (g->num_commits <= size_mult * num_commits ||
> + (max_commits && num_commits > max_commits) ||
> + (ctx->split_opts->flags == COMMIT_GRAPH_SPLIT_MERGE_REQUIRED))) {
> + if (g->odb != ctx->odb)
> + break;
>
> - num_commits += g->num_commits;
> - g = g->base_graph;
> + num_commits += g->num_commits;
> + g = g->base_graph;
>
> - ctx->num_commit_graphs_after--;
> + ctx->num_commit_graphs_after--;
> + }
> }
>
