Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:
> On Thu, Jul 14 2022, Glen Choo via GitGitGadget wrote:
>
>> +/* Read values into protected_config. */
>> +static void read_protected_config(void)
>> +{
>> + char *xdg_config = NULL, *user_config = NULL, *system_config = NULL;
>> +
>> + git_configset_init(&protected_config);
>> +
>> + system_config = git_system_config();
>> + git_global_config(&user_config, &xdg_config);
>> +
>> + git_configset_add_file(&protected_config, system_config);
>> + git_configset_add_file(&protected_config, xdg_config);
>> + git_configset_add_file(&protected_config, user_config);
>> + git_configset_add_parameters(&protected_config);
>> +
>> + free(system_config);
>> + free(xdg_config);
>> + free(user_config);
>> +}
>
> Noticed after it landed on master: This change fails with:
>
> make SANITIZE=address test T=t0410*.sh
>
> Running that manually shows that we fail like this:
>
> $ cat trash\ directory.t0410-partial-clone/httpd/error.log | grep -o AH0.*
> AH00163: Apache/2.4.54 (Debian) configured -- resuming normal operations
> AH00094: Command line: '/usr/sbin/apache2 -d /home/avar/g/git/t/trash directory.t0410-partial-clone/httpd -f /home/avar/g/git/t/lib-httpd/apache.conf -c Listen 127.0.0.1:10410'
> AH01215: AddressSanitizer:DEADLYSIGNAL: /home/avar/g/git/git-http-backend
> AH01215: =================================================================: /home/avar/g/git/git-http-backend
> AH01215: ==27820==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7af5dc0d66 bp 0x7fff11964450 sp 0x7fff11963be8 T0): /home/avar/g/git/git-http-backend
> AH01215: ==27820==The signal is caused by a READ memory access.: /home/avar/g/git/git-http-backend
> AH01215: ==27820==Hint: address points to the zero page.: /home/avar/g/git/git-http-backend
> AH01215: #0 0x7f7af5dc0d66 in __sanitizer::internal_strlen(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167: /home/avar/g/git/git-http-backend
> AH01215: #1 0x7f7af5d512f2 in __interceptor_fopen64 ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:6220: /home/avar/g/git/git-http-backend
> AH01215: #2 0x562a65e37cc8 in git_fopen compat/fopen.c:22: /home/avar/g/git/git-http-backend
> AH01215: #3 0x562a65df3879 in fopen_or_warn wrapper.c:431: /home/avar/g/git/git-http-backend
> AH01215: #4 0x562a65a12476 in git_config_from_file_with_options config.c:1982: /home/avar/g/git/git-http-backend
> AH01215: #5 0x562a65a124f4 in git_config_from_file config.c:1993: /home/avar/g/git/git-http-backend
> AH01215: #6 0x562a65a15288 in git_configset_add_file config.c:2389: /home/avar/g/git/git-http-backend
> AH01215: #7 0x562a65a16a37 in read_protected_config config.c:2649: /home/avar/g/git/git-http-backend
> AH01215: #8 0x562a65a16b5c in git_protected_config config.c:2661: /home/avar/g/git/git-http-backend
> AH01215: #9 0x562a65dd9f9a in get_upload_pack_config upload-pack.c:1342: /home/avar/g/git/git-http-backend
> AH01215: #10 0x562a65ddc1cb in upload_pack_v2 upload-pack.c:1706: /home/avar/g/git/git-http-backend
> AH01215: #11 0x562a65d2eb8a in process_request serve.c:308: /home/avar/g/git/git-http-backend
> AH01215: #12 0x562a65d2ec18 in protocol_v2_serve_loop serve.c:323: /home/avar/g/git/git-http-backend
> AH01215: #13 0x562a6593c5ae in cmd_upload_pack builtin/upload-pack.c:55: /home/avar/g/git/git-http-backend
> AH01215: #14 0x562a656cf8ff in run_builtin git.c:466: /home/avar/g/git/git-http-backend
> AH01215: #15 0x562a656d02ab in handle_builtin git.c:720: /home/avar/g/git/git-http-backend
> AH01215: #16 0x562a656d09d5 in run_argv git.c:787: /home/avar/g/git/git-http-backend
> AH01215: #17 0x562a656d174f in cmd_main git.c:920: /home/avar/g/git/git-http-backend
> AH01215: #18 0x562a6594b0b9 in main common-main.c:56: /home/avar/g/git/git-http-backend
> AH01215: #19 0x7f7af5a5681c in __libc_start_main ../csu/libc-start.c:332: /home/avar/g/git/git-http-backend
> AH01215: #20 0x562a656cb209 in _start (git+0x1d1209): /home/avar/g/git/git-http-backend
> AH01215: : /home/avar/g/git/git-http-backend
> AH01215: AddressSanitizer can not provide additional info.: /home/avar/g/git/git-http-backend
> AH01215: SUMMARY: AddressSanitizer: SEGV ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167 in __sanitizer::internal_strlen(char const*): /home/avar/g/git/git-http-backend
> AH01215: ==27820==ABORTING: /home/avar/g/git/git-http-backend
> AH01215: error: upload-pack died of signal 6: /home/avar/g/git/git-http-backend
>
> (We really should have a SANITIZE=address in CI, but it takes a while...)
Thanks. I narrowed the failure down to the hunk above, specifically this
line:
git_configset_add_file(&protected_config, xdg_config);
Since xdg_config can be NULL, this results in the failing call
fopen_or_warn(NULL, "r").
This logic was lifted from do_git_config_sequence(), which checks that
each of the paths are not NULL. So a fix might be something like:
----- >8 --------- >8 --------- >8 --------- >8 --------- >8 ----
diff --git a/config.c b/config.c
index 015bec360f..208a3dd7a7 100644
--- a/config.c
+++ b/config.c
@@ -2645,9 +2645,13 @@ static void read_protected_config(void)
system_config = git_system_config();
git_global_config(&user_config, &xdg_config);
- git_configset_add_file(&protected_config, system_config);
- git_configset_add_file(&protected_config, xdg_config);
- git_configset_add_file(&protected_config, user_config);
+
+ if (system_config)
+ git_configset_add_file(&protected_config, system_config);
+ if (xdg_config)
+ git_configset_add_file(&protected_config, xdg_config);
+ if (user_config)
+ git_configset_add_file(&protected_config, user_config);
git_configset_add_parameters(&protected_config);
free(system_config);
----- >8 --------- >8 --------- >8 --------- >8 --------- >8 ----
I'm not sure if system_config can ever be NULL, but (xdg|user)_config is
NULL when $HOME is unset, and xdg_config is also unset if
$GIT_CONFIG_GLOBAL is set.
