Re: [PATCH 5/5] packfile: inline custom read_object()

On Thu, Jan 12, 2023 at 10:01:28AM +0100, Ævar Arnfjörð Bjarmason wrote:

> > -				base = read_object(r, &base_oid, &type, &base_size);
> > +
> > +				oi.typep = &type;
> > +				oi.sizep = &base_size;
> > +				oi.contentp = &base;
> > +				if (oid_object_info_extended(r, &base_oid, &oi, 0) < 0)
> > +					base = NULL;
> > +
> >  				external_base = base;
> >  			}
> >  		}
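Review bot: the `base = NULL` reset on the error path carries over read_object()'s contract without saying so; a one-line comment that oid_object_info_extended() may have written through `oi.contentp` before returning -1 would make clear why the reset is kept (and, as the discussion below notes, that the reset drops rather than frees any such buffer). The hunk also only sets `typep`, `sizep` and `contentp`, so it relies on every other field of `oi` being NULL, which holds only if `oi` is zero-initialized where it is declared outside this hunk; that declaration should be in the patch context.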
> 
> This isn't introducing a behavior difference, in fact it's diligently
> bending over backwards to preserve existing behavior, but I don't think
> we need to do so, and shouldn't have this "base = NULL" line.
> 
> Here we're within an "if" block where we tested that "base == NULL"
> (which is why we're trying to populate it)
> 
> Before when we had read_object() re-assigning to "base" here was the
> obvious thing to do, but now this seems like undue and incomplete
> paranoia.

I think it's the same paranoia that was in read_object(). There it
catches the error and returns NULL, rather than the probably-NULL
"content" (though to be fair, it simply did not initialize the pointer,
so it would have had to do that to depend on it).

I agree it's probably being overly defensive. But I don't think
oid_object_info_extended() makes any promises, and it's not completely
clear to me if packed_object_info() could return a non-NULL entry here
on an error (e.g., if packed_to_object_type() fails even after we pulled
out the content).

So probably yes, we could depend on that (and if not, arguably we should
be fixing oid_object_info_extended(), because we are probably leaking a
buffer in that case). But we definitely shouldn't be doing it in the
middle of another patch.

> If oid_object_info_extended() why can't we trust that it didn't touch
> our "base"? And if we can't trust that, why are we trusting that it left
> "type" and "base_size" untouched?

My assumption is that "base" gated access to "type" and "base_size". So
as long as "!base", we do not look at the other two.

> I think squashing this in would be much better:
> 	
> 	diff --git a/packfile.c b/packfile.c
> 	index 79e21ab18e7..f45017422a1 100644
> 	--- a/packfile.c
> 	+++ b/packfile.c
> 	@@ -1795,10 +1795,8 @@ void *unpack_entry(struct repository *r, struct packed_git *p, off_t obj_offset,
> 	 				oi.typep = &type;
> 	 				oi.sizep = &base_size;
> 	 				oi.contentp = &base;
> 	-				if (oid_object_info_extended(r, &base_oid, &oi, 0) < 0)
> 	-					base = NULL;
> 	-
> 	-				external_base = base;
> 	+				if (!oid_object_info_extended(r, &base_oid, &oi, 0))
> 	+					external_base = base;
> 	 			}
> 	 		}
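Review bot: dropping the `base = NULL` reset assumes oid_object_info_extended() never writes through `oi.contentp` on a failing call, and nothing in this hunk establishes that; if the callee can fill `base` and then return -1, the local `base` still holds an unfreed buffer even though `external_base` is now guarded. Either state that contract in the commit message or keep the reset; note too that the new guard `if (!oid_object_info_extended(...)) external_base = base;` is redundant exactly when `base` is NULL on error, which is the premise the squash relies on.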
> 
> Not only aren't we second-guessing that our "base" was left alone, we're
> using the return value of oid_object_info_extended() to guard that
> assignment to "external_base" instead (it's NULL at this point too).

I don't think we need to guard the assignment (we know it will be NULL
if we saw an error). But sure, I don't mind if you want to do that
simplification, but it should be on top if at all.

-Peff
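The contract question above (does a callee that fails after writing through an out-pointer leave it set, and who frees the buffer?) is easier to see with a model. The block below is an added example, not code from git or from either participant: `lookup_info`, `lookup_object`, `store_find`, `read_base` and `read_base_guarded` are hypothetical stand-ins for `struct object_info` / `oid_object_info_extended()` and the two caller shapes in the thread, and the fake store and its keys are constructed inline.

```c
/*
 * Added example, not code from git or from this thread.  It models the
 * out-pointer contract under discussion: a callee that writes *contentp
 * and then fails, plus the two caller shapes proposed above.  Every name
 * here (lookup_info, lookup_object, store_find, read_base*) is a
 * hypothetical stand-in for struct object_info / oid_object_info_extended.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct lookup_info {		/* in the style of struct object_info */
	int *typep;		/* out: type, NULL if the caller does not care */
	size_t *sizep;		/* out: content length */
	void **contentp;	/* out: heap content, owned by the caller */
};

static size_t live_allocs;	/* outstanding buffers: a leak shows up here */
static void *track_alloc(size_t n) { live_allocs++; return malloc(n); }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Constructed fake store.  "badtype" is readable but its type cannot be
 * resolved: the "fails after we pulled out the content" case above. */
static int store_find(const char *key, const char **content, int *type)
{
	*content = "hello";
	if (!strcmp(key, "known")) { *type = 1; return 0; }
	if (!strcmp(key, "badtype")) { *type = -1; return 0; }
	return -1;
}

/* Hypothetical callee.  With callee_frees == 0 it makes no promise about
 * *contentp on failure; with callee_frees == 1 it releases and NULLs
 * *contentp before returning -1 (the "fix the callee instead" option). */
static int lookup_object(const char *key, struct lookup_info *oi,
			 int callee_frees)
{
	const char *content;
	int type;
	size_t n;

	if (store_find(key, &content, &type) < 0)
		return -1;			/* clean failure: nothing written */
	n = strlen(content);
	if (oi->contentp) {
		*oi->contentp = track_alloc(n + 1);
		memcpy(*oi->contentp, content, n + 1);
	}
	if (oi->sizep)
		*oi->sizep = n;
	if (type < 0) {				/* late failure, content already out */
		if (callee_frees && oi->contentp) {
			track_free(*oi->contentp);
			*oi->contentp = NULL;
		}
		return -1;
	}
	if (oi->typep)
		*oi->typep = type;
	return 0;
}

/* Caller in the shape of the patch: reset base on error, then publish. */
static int read_base(const char *key, int callee_frees, void **external_base)
{
	void *base = NULL;
	int type = 0;
	size_t base_size = 0;
	struct lookup_info oi = { &type, &base_size, &base };
	int ret = lookup_object(key, &oi, callee_frees);

	if (ret < 0)
		base = NULL;	/* hides a callee leak; does not fix it */
	*external_base = base;
	return ret;
}

/* Caller in the shape of the proposed squash: publish only on success. */
static int read_base_guarded(const char *key, int callee_frees,
			     void **external_base)
{
	void *base = NULL;
	int type = 0;
	size_t base_size = 0;
	struct lookup_info oi = { &type, &base_size, &base };
	int ret = lookup_object(key, &oi, callee_frees);

	*external_base = ret ? NULL : base;
	return ret;
}

int main(void)
{
	void *b;
	read_base("badtype", 0, &b);
	printf("leaky callee + reset caller: base=%p, live_allocs=%zu\n", b, live_allocs);
	read_base("badtype", 1, &b);
	printf("fixed callee + reset caller: base=%p, live_allocs=%zu\n", b, live_allocs);
	return 0;
}
```

Both caller shapes end up with a NULL `external_base` on the late-failure key, so from the caller's side the reset and the guard are equivalent; the difference that matters is in the callee. With `callee_frees == 0` the buffer written through `contentp` is orphaned under either caller, which is the leak Peff points at, and only the `callee_frees == 1` path (freeing and NULLing on the error path inside the callee) removes it.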
