Junio C Hamano <gitster@xxxxxxxxx> wrote on Monday, May 10, 2021 at 3:21 PM:
>
> "ZheNing Hu via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:
>
> > From: ZheNing Hu <adlternative@xxxxxxxxx>
> >
> > used_atom.u is a union, and it has different members depending on
> > what atom the auxiliary data the union part of the "struct
> > used_atom" wants to record. At most only one of the members can be
> > valid at any one time. Since the code checks u.remote_ref without
> > even making sure if the atom is "push" or "push:" (which are only
> > two cases that u.remote_ref.push becomes valid), but u.remote_ref
> > shares the same storage for other members of the union, the check
> > was reading from an invalid member, which was the bug.
> >
> > Modify the condition here to check whether the atom name
> > equals to "push" or starts with "push:", to avoid reading the
> > value of invalid member of the union.
> >
> > Helped-by: Junio C Hamano <gitster@xxxxxxxxx>
> > Signed-off-by: ZheNing Hu <adlternative@xxxxxxxxx>
> > ---
> >     [GSOC] ref-filter: fix read invalid union member bug
> >
> >     Change from last version:
> >     Modify the processing method of the condition: check whether the name of
> >     the atom equals to "push" or starts with "pushs", which can enhance
> >     security, although it may bring string match overhead.
>
> I do not think this would have much security implication either
> way. What it buys us is the future-proofing.
>

Ah, truly.

> I think it is OK to make this change without the enum thing to have
> it graduate early as a fix to the existing code. The enum thing can
> come on top.
>

Indeed. "enum atom_type" is for ref-filter performance optimization and
get some other benefits like quick index. So I put it in another topic.

> Will queue. Thanks.

Thanks.
--
ZheNing Hu
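The bug class discussed in this thread, as an added example that is not part of the thread and not git's code: a check that reads u.remote_ref.push from an atom that stored a different union member, next to the name-based check the commit message describes. The struct layout, the color member, the helper names and the sample atom names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for "struct used_atom"; the layout is assumed. */
struct used_atom {
	const char *name;
	union {
		char color[8];                      /* hypothetical other member */
		struct { unsigned int push : 1; } remote_ref;
	} u;
};

/* Before: reads u.remote_ref.push whichever member was last stored. */
static int is_push_unchecked(const struct used_atom *atom)
{
	return atom->u.remote_ref.push;
}

/* After: decide from the name, which is valid for every atom. */
static int is_push_by_name(const struct used_atom *atom)
{
	return !strcmp(atom->name, "push") || !strncmp(atom->name, "push:", 5);
}

/* Constructed sample: an atom that stored the color member. All bits are
 * set so the stale read is nonzero wherever the bit-field is placed. */
static struct used_atom make_color_atom(const char *name)
{
	struct used_atom a = { .name = name };
	memset(a.u.color, 0xff, sizeof(a.u.color));
	return a;
}

/* Constructed sample: an atom that really stored u.remote_ref.push. */
static struct used_atom make_push_atom(const char *name)
{
	struct used_atom a = { .name = name };
	a.u.remote_ref.push = 1;
	return a;
}

int main(void)
{
	struct used_atom c = make_color_atom("color:red");
	struct used_atom p = make_push_atom("push:track");
	printf("%s: unchecked=%d by_name=%d\n", c.name, is_push_unchecked(&c), is_push_by_name(&c));
	printf("%s: unchecked=%d by_name=%d\n", p.name, is_push_unchecked(&p), is_push_by_name(&p));
	return 0;
}
```

The unchecked read reports the color atom as a push atom because both members share storage; the name-based check does not depend on which member was written.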