Re: [PATCH 1/2] rebase --update-refs: fix loops

"Johannes Schindelin via GitGitGadget" <gitgitgadget@xxxxxxxxx>
writes:

> From: Johannes Schindelin <johannes.schindelin@xxxxxx>
>
> The `total_nr` field in the `todo_list` structure merely serves display
> purposes, and should only be used when generating the progress message.

This is a good distinction to keep in mind.

I notice that sequencer.h does not do a very good job at giving
guidance on how these members are to be used.

        struct todo_list {
                struct strbuf buf;
                struct todo_item *items;
                int nr, alloc, current;
                int done_nr, total_nr;
        };

The <nr,alloc> tuple lets readers guess they are tied to the
items[] array, so perhaps it is sufficient to give a comment to the
total_nr member and probably done_nr while we are at it.

> In these two instances, however, we want to loop over all of the
> commands in the parsed rebase script. The loop limit therefore needs to
> be `nr`, which refers to the count of commands in the current
> `todo_list`.

Yes.

> This is important because the two numbers, `nr` and `total_nr` can
> differ wildly, e.g. due to `total_nr` _not_ counting comments or empty
> lines, while `nr` skips any commands that already moved from the
> `git-rebase-todo` file to the `done` file.

OK.  The items[] array has not just executable insn but also holds
comments and NOOP, and the <nr,alloc> tuple is used to control its
sizing in the usual ALLOC_GROW() way.  Because total_nr is used only
for progress, it naturally excludes the no-ops.  Elements of the items[]
array are consumed in core by incrementing the current pointer and
nr will not update while that is happening, but when the sequencer
gives control to the user and then takes the control back upon resuming,
items[] would contain only the insns that have not been moved to the
done list, meaning that 'nr' would shrink.  total_nr compensates for
this by reading the done list and adding its size to 'nr'.

OK, that all makes sense.  The whole arrangement sounds a bit
more error prone than necessary (an obvious alternative is to just
always keep the whole todo list with a "done up to here" pointer) but
changing that is not in the scope of these fixes, because such an
arrangement wouldn't have prevented this particular bug from
happening, as total_nr and nr could still be different due to
no-ops.

> diff --git a/sequencer.c b/sequencer.c
> index 5f22b7cd377..f5d89abdc5e 100644
> --- a/sequencer.c
> +++ b/sequencer.c
> @@ -4202,7 +4202,7 @@ void todo_list_filter_update_refs(struct repository *r,
>  		if (!is_null_oid(&rec->after))
>  			continue;
>  
> -		for (j = 0; !found && j < todo_list->total_nr; j++) {
> +		for (j = 0; !found && j < todo_list->nr; j++) {
>  			struct todo_item *item = &todo_list->items[j];

The .total_nr member could be smaller (because it does not count
noops) or larger (because it counts already done steps that are not
in the items[]) than the .nr member, and the old code could have
made out-of-bounds access into the items[] array.  It is now
corrected.  Excellent.

>  			const char *arg = todo_list->buf.buf + item->arg_offset;
>  
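
Review bot: the bound now matches the array the loop body indexes: `items[j]` holds `nr` entries, while `total_nr` is the progress counter that excludes comments and noops and includes steps already moved to the done file, so the old `j < todo_list->total_nr` could both stop early (missing a matching command) and read past the end of `items[]`. Since the commit message says `total_nr` is for display only, a comment on the `total_nr` and `done_nr` members of `struct todo_list` in sequencer.h saying they feed the progress message and are not valid loop limits over `items[]` would keep the next reader from reintroducing this.
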
> @@ -4232,7 +4232,7 @@ void todo_list_filter_update_refs(struct repository *r,
>  	 * For each todo_item, check if its ref is in the update_refs list.
>  	 * If not, then add it as an un-updated ref.
>  	 */
> -	for (i = 0; i < todo_list->total_nr; i++) {
> +	for (i = 0; i < todo_list->nr; i++) {
>  		struct todo_item *item = &todo_list->items[i];
>  		const char *arg = todo_list->buf.buf + item->arg_offset;
>  		int j, found = 0;
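
Review bot: same correction as the earlier loop, and the comment directly above it ("For each todo_item, ...") now actually agrees with the bound, since every `todo_item` lives in `items[0..nr)`. A test that resumes an interactive rebase run with `--update-refs` after some commands have moved to the done file (so `nr` is smaller than `total_nr`) would pin both loops against regressing; with a bound of `total_nr` that scenario indexes `items[]` past `nr`.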

Ditto.  Will queue.

Thanks.
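Added example, not code from this thread or from git's sequencer.c: a reduced C model of the three counters discussed above (field layout, fixed capacity and the resume helper are assumptions), showing `total_nr` falling below `nr` because of comments and noops, exceeding it after a resume drops done commands from `items[]`, and the search loop bounded by `nr` as in the patch.

```c
#include <string.h>
/* Reduced model of sequencer.c's todo_list (assumption: not git's real layout). */
enum todo_command { TODO_PICK, TODO_NOOP, TODO_COMMENT };
struct todo_item {
	enum todo_command command;
	const char *arg; /* constructed ref name; NULL for comments and noops */
};
struct todo_list {
	struct todo_item items[8]; /* fixed capacity stands in for <nr,alloc> growth */
	int nr, done_nr, total_nr;
};

/* Append a line: nr counts every item, total_nr only executable commands. */
static void todo_list_add(struct todo_list *l, enum todo_command cmd, const char *arg)
{
	l->items[l->nr].command = cmd;
	l->items[l->nr++].arg = arg;
	l->total_nr += (cmd == TODO_PICK);
}

/* Model of resuming: the first `done` lines moved to the done file, so items[] shrinks. */
static void todo_list_resume(struct todo_list *l, int done)
{
	int i, kept = 0;
	for (i = 0; i < done; i++)
		if (l->items[i].command == TODO_PICK)
			l->done_nr++;
	for (i = done; i < l->nr; i++)
		l->items[kept++] = l->items[i];
	l->nr = kept;
}

/* The corrected search loop: bounded by nr (what items[] holds), never by total_nr. */
static int todo_list_find_arg(const struct todo_list *l, const char *arg)
{
	for (int j = 0; j < l->nr; j++)
		if (l->items[j].arg && !strcmp(l->items[j].arg, arg))
			return j;
	return -1;
}

/* Constructed script: pick, comment, noop, pick -> nr = 4 but total_nr = 2. */
static struct todo_list sample_list(void)
{
	struct todo_list l = { 0 };
	todo_list_add(&l, TODO_PICK, "refs/heads/a");
	todo_list_add(&l, TODO_COMMENT, NULL);
	todo_list_add(&l, TODO_NOOP, NULL);
	todo_list_add(&l, TODO_PICK, "refs/heads/b");
	return l;
}
```

After `todo_list_resume(&l, 3)` the list holds one item (`nr == 1`) while `total_nr` is still 2, which is exactly the case where a loop bounded by `total_nr` would index past the end of `items[]`.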
