On Wed, Nov 25, 2020 at 01:13:31PM -0800, Junio C Hamano wrote:
> Taylor Blau <me@xxxxxxxxxxxx> writes:
>
> > Here are a couple of patches that Peff and I wrote after noticing a
> > problem where racily disappearing .idx files can cause a segfault. While
> > investigating, we fixed a related issue which is described and fixed in
> > the second patch.
>
> In the cover letter it won't affect the end result, but when talking
> about "race", it always is a good idea to explicitly mention both
> sides of the race. It is clear what one side is in the above
> (i.e. somebody who removes .idx file that is still in use), but it
> is not so clear who gets hit and segfaults.
>
> I am guessing that the other party is the user of .pack file(s)
> bypassing the corresponding .idx file(s) because the necessary data
> is mostly in .midx?
Yeah, the race reproduction in the second commit message can actually
reproduce the segfault as well (it depends on the exact timing which
error you get). So the segfault is in the reader, who is not checking
the result of find_revindex_entry().
Arguably every call there should be checking for NULL, but in practice
I think it would always be a bug:
- we were somehow unable to open the index in order to generate the
revindex (which is what happened here). But I think we are better
off making sure that we can always do so, which is what this series
does.
- the caller asked about an object at a position beyond the number of
objects in the packfile. This is a bug in the caller.
So we could perhaps BUG() in find_revindex_entry() instead of returning
NULL. A quick segfault accomplishes mostly the same thing, though the
BUG() could distinguish the two cases more clearly.
-Peff
