Shawn O. Pearce wrote: > Liu Yubao <yubao.liu@xxxxxxxxx> wrote: >> diff --git a/sha1_file.c b/sha1_file.c >> index dccc455..79062f0 100644 >> --- a/sha1_file.c >> +++ b/sha1_file.c >> @@ -1099,7 +1099,8 @@ static void *map_sha1_file(const unsigned char *sha1, unsigned long *size) >> >> if (!fstat(fd, &st)) { >> *size = xsize_t(st.st_size); >> - map = xmmap(NULL, *size, PROT_READ, MAP_PRIVATE, fd, 0); >> + if (*size > 0) >> + map = xmmap(NULL, *size, PROT_READ, MAP_PRIVATE, fd, 0); >> } >> close(fd); >> } > > This has nothing to do with this change description. Why are we > returning NULL from map_sha1_file when the file length is 0 bytes? > No loose object should ever be an empty file, there must always be > some sort of type header present. So it probably is an error to > have a 0 length file here. But that bug is a different change. > Also a defensive programming for uncompressed loose object because the mapped memory will be passed to parse_sha1_header() directly without being checked by inflateInit(). In fact unpack_sha1_header() in current code calls legacy_loose_object() without checking mapsize first. If it encounters (very very unlikely) a corrupted empty loose object, it will crash. >> @@ -1257,6 +1258,8 @@ static int parse_sha1_header(const char *hdr, unsigned long length, unsigned lon >> * terminating '\0' that we add), and is followed by >> * a space, at least one byte for size, and a '\0'. >> */ >> + if ('b' != *hdr && 'c' != *hdr && 't' != *hdr) /* blob/commit/tag/tree */ >> + return -1; >> i = 0; >> while (hdr < hdr_end - 2) { >> char c = *hdr++; > > Oh. I wouldn't do that. Its a cute trick and it works to quickly > determine if the header is an uncompressed header vs. a zlib header > vs. a new-style loose object header (which git cannot write anymore, > but it still can read). But its just asking for trouble when/if a > new object type was ever added to the type table. > I can't agree any more, it's just a trick. I considered adding a function seems_likely_uncompressed_loose_object(), but I didn't because this patch series are just my first try, I don't know whether the idea to support uncompressed loose object is attractive enough. > Given that we know that no type name can be more than 10 bytes and > if you use my patch from earlier today you can be certain hdr has a > '\0' terminator, so you could write a function to test for the type > against the hdr, stopping on either ' ' or '\0'. Or find the first > ' ' in the first 10 bytes (which is what this loop does anyway) and > then test that against the type name table. > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html