Re: [PATCH] [RFC] sparse index: fix use-after-free bug in cache_tree_verify()

Junio C Hamano <gitster@xxxxxxxxx> · Wed, 06 Oct 2021 12:17:54 -0700

"Phillip Wood via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:

/*
 * Please document what the values that can be returned from
 * this function are and what they mean, just before this
 * funciton.  I am guessing that this is "all bets are off and
 * you need to redo the computation again over the full in-core
 * index"?  It is not an error and I think it makes sense to use
 * positive 1 like this patch does instead of -1.
 */
>  
> -static void verify_one(struct repository *r,
> -		       struct index_state *istate,
> -		       struct cache_tree *it,
> -		       struct strbuf *path)
> +static int verify_one(struct repository *r,
> +		      struct index_state *istate,
> +		      struct cache_tree *it,
> +		      struct strbuf *path)
>  {

> @@ -907,6 +917,9 @@ void cache_tree_verify(struct repository *r, struct index_state *istate)
>  
>  	if (!istate->cache_tree)
>  		return;
> -	verify_one(r, istate, istate->cache_tree, &path);
> +	if (verify_one(r, istate, istate->cache_tree, &path)) {
> +		strbuf_reset(&path);
> +		verify_one(r, istate, istate->cache_tree, &path);
> +	}
>  	strbuf_release(&path);
>  }

This is just a style thing, but I would find it easier to follow if
it just recursed into itself, i.e.

-	verify_one(...);
+	if (verify_one(...))
+		cache_tree_verify(r, istate);

or

-	verify_one(...);
+	again:
+	if (verify_one(...))
+		strbuf_reset(&path);
+		goto again;
}	}

On the other hand, if the new code wants to say "I would retry at
most once, otherwise there is something wrong in me", then

> -	verify_one(r, istate, istate->cache_tree, &path);
> +	if (verify_one(r, istate, istate->cache_tree, &path)) {
> +		strbuf_reset(&path);
> +		if (verify_one(r, istate, istate->cache_tree, &path))
> +			BUG("...");
> +	}

would be better.

Other than that, nicely done.

> diff --git a/t/t1092-sparse-checkout-compatibility.sh b/t/t1092-sparse-checkout-compatibility.sh
> index 886e78715fe..85d5279b33c 100755
> --- a/t/t1092-sparse-checkout-compatibility.sh
> +++ b/t/t1092-sparse-checkout-compatibility.sh
> @@ -484,7 +484,7 @@ test_expect_success 'checkout and reset (mixed) [sparse]' '
>  test_expect_success 'merge, cherry-pick, and rebase' '
>  	init_repos &&
>  
> -	for OPERATION in "merge -m merge" cherry-pick rebase
> +	for OPERATION in "merge -m merge" cherry-pick "rebase --apply" "rebase --merge"
>  	do
>  		test_all_match git checkout -B temp update-deep &&
>  		test_all_match git $OPERATION update-folder1 &&
>
> base-commit: cefe983a320c03d7843ac78e73bd513a27806845