Jeff King <peff@xxxxxxxx> writes:
> We use the normal tree_desc code to iterate over trees in fsck, meaning
> we only see the canonicalized modes it returns. And hence we'd never see
> anything unexpected, since it will coerce literally any garbage into one
> of our normal and accepted modes.
Wow. I did know canon_mode() deliberately discarding the extra
permission bits on trees and blobs, but it was that bad to mark
whatever it does not understand as a gitlink. That is simply
horrible.
> - if (init_tree_desc_gently(&desc, buffer, size, 0)) {
> + if (init_tree_desc_gently(&desc, buffer, size, TREE_DESC_RAW_MODES)) {
> retval += report(options, tree_oid, OBJ_TREE,
> FSCK_MSG_BAD_TREE,
> "cannot be parsed as a tree");
OK, so we'll let desc.entry.mode carry whatever bogus bit pattern we
got out of buffer and the downstream code already knows what to do
with them. That's a clean and minimum way to do this.
Thanks.
> diff --git a/t/t1450-fsck.sh b/t/t1450-fsck.sh
> index ab7f31f1dc..53c2aa10b7 100755
> --- a/t/t1450-fsck.sh
> +++ b/t/t1450-fsck.sh
> @@ -364,6 +364,20 @@ test_expect_success 'tree entry with type mismatch' '
> test_i18ngrep ! "dangling blob" out
> '
>
> +test_expect_success 'tree entry with bogus mode' '
> + test_when_finished "remove_object \$blob" &&
> + test_when_finished "remove_object \$tree" &&
> + blob=$(echo blob | git hash-object -w --stdin) &&
> + blob_oct=$(echo $blob | hex2oct) &&
> + tree=$(printf "100000 foo\0${blob_oct}" |
> + git hash-object -t tree --stdin -w --literally) &&
> + git fsck 2>err &&
> + cat >expect <<-EOF &&
> + warning in tree $tree: badFilemode: contains bad file modes
> + EOF
> + test_cmp expect err
> +'
> +
> test_expect_success 'tag pointing to nonexistent' '
> badoid=$(test_oid deadbeef) &&
> cat >invalid-tag <<-EOF &&
