From: Sebastian Thiel <sebastian.thiel@xxxxxxxxxx>
*in some environments.
When moving a directory onto another with `gix mv`
various checks are performed. One of of these
validates that the destination is not an existing
file.
When calling `lstat` on the destination path and
it fails as the path doesn't exist, some
environments seem to overwrite the passed in
`stat` memory nonetheless.
(I observed this issue on debian 12 of x86_64,
running on OrbStack on ARM, emulated with Rosetta)
This would affect the code that followed as it
would still acccess a now
modified `st` structure, which now seems to
contain uninitialized memory.
`S_ISDIR(st_dir_mode)` would then typically
return false causing the code to run into a bad
case.
The fix avoids overwriting the existing `st`
structure, providing an alternative that exists
only for that purpose.
Note that this patch minimizes complexity instead of stack-size.
Signed-off-by: Sebastian Thiel <sebastian.thiel@xxxxxxxxxx>
---
fix git mv existing-dir non-existing-dir*
fix git mv existing-dir non-existing-dir*
*in some environments.
When moving a directory onto another with gix mv various checks are
performed. One of of these validates that the destination is not an
existing file.
When calling lstat on the destination path and it fails as the path
doesn't exist, some environments seem to overwrite the passed in stat
memory nonetheless. (I observed this issue on debian 12 of x86_64,
running on OrbStack on ARM, emulated with Rosetta)
This would affect the code that followed as it would still acccess a now
modified st structure, which now seems to contain uninitialized memory.
S_ISDIR(st_dir_mode) would then typically return false causing the code
to run into a bad case.
The fix avoids overwriting the existing st structure, providing an
alternative that exists only for that purpose.
------------------------------------------------------------------------
It's worth pointing out that the test demonstrates this case only if one
happens to execute it in one of the environments that happen to have an
lstat that writes into stat even on error. Thus it already worked for me
on MacOS, even without the patch applied, which matches my observation
that a certain script works there but doesn't work on the VM.
Even though the patch now minimizes size, I can imagine one might
instead want to rather copy st.st_mode to protect only the relevant
field from being affected by potential rewrites of st later on.
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1561%2FByron%2Ffix-mv-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1561/Byron/fix-mv-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1561
builtin/mv.c | 4 ++--
t/t7001-mv.sh | 6 ++++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/builtin/mv.c b/builtin/mv.c
index fa84fcb20d8..05e7156034e 100644
--- a/builtin/mv.c
+++ b/builtin/mv.c
@@ -184,7 +184,7 @@ int cmd_mv(int argc, const char **argv, const char *prefix)
int src_dir_nr = 0, src_dir_alloc = 0;
struct strbuf a_src_dir = STRBUF_INIT;
enum update_mode *modes, dst_mode = 0;
- struct stat st;
+ struct stat st, dest_st;
struct string_list src_for_dst = STRING_LIST_INIT_NODUP;
struct lock_file lock_file = LOCK_INIT;
struct cache_entry *ce;
@@ -304,7 +304,7 @@ int cmd_mv(int argc, const char **argv, const char *prefix)
goto act_on_entry;
}
if (S_ISDIR(st.st_mode)
- && lstat(dst, &st) == 0) {
+ && lstat(dst, &dest_st) == 0) {
bad = _("cannot move directory over file");
goto act_on_entry;
}
diff --git a/t/t7001-mv.sh b/t/t7001-mv.sh
index 898a9205328..9894bc45ee6 100755
--- a/t/t7001-mv.sh
+++ b/t/t7001-mv.sh
@@ -174,6 +174,12 @@ test_expect_success 'do not move directory over existing directory' '
test_must_fail git mv path2 path0
'
+test_expect_success 'rename directory to non-existing directory' '
+ mkdir dir-a && touch dir-a/f &&
+ git add dir-a &&
+ git mv dir-a non-existing-dir
+'
+
test_expect_success 'move into "."' '
git mv path1/path2/ .
'
base-commit: 1b0a5129563ebe720330fdc8f5c6843d27641137
--
gitgitgadget
