diff mbox series

bundle: don't segfault on "git bundle <subcmd>"

Message ID patch-1.1-2319eb2ddbd-20221220T133941Z-avarab@gmail.com (mailing list archive)
State Accepted
Commit 891cb09db6c0e6bf11b8175bc5ea5f45493afb85
Headers show
Series bundle: don't segfault on "git bundle <subcmd>" | expand

Commit Message

Ævar Arnfjörð Bjarmason Dec. 20, 2022, 1:40 p.m. UTC
Since aef7d75e580 (builtin/bundle.c: let parse-options parse
subcommands, 2022-08-19) we've been segfaulting if no argument was
provided.

The fix is easy, as all of the "git bundle" subcommands require a
non-option argument we can check that we have arguments left after
calling parse-options().

This makes use of code added in 73c3253d75e (bundle: framework for
options before bundle file, 2019-11-10), before this change that code
has always been unreachable. In 73c3253d75e we'd never reach it as we
already checked "argc < 2" in cmd_bundle() itself.

Then when aef7d75e580 (whose segfault we're fixing here) migrated this
code to the subcommand API it removed that "argc < 2" check, but we
were still checking the wrong "argc" in parse_options_cmd_bundle(), we
need to check the "newargc". The "argc" will always be >= 1, as it
will necessarily contain at least the subcommand name
itself (e.g. "create").

As an aside, this could be safely squashed into this, but let's not do
that for this minimal segfault fix, as it's an unrelated refactoring:

	--- a/builtin/bundle.c
	+++ b/builtin/bundle.c
	@@ -55,13 +55,12 @@ static int parse_options_cmd_bundle(int argc,
	 		const char * const usagestr[],
	 		const struct option options[],
	 		char **bundle_file) {
	-	int newargc;
	-	newargc = parse_options(argc, argv, NULL, options, usagestr,
	+	argc = parse_options(argc, argv, NULL, options, usagestr,
	 			     PARSE_OPT_STOP_AT_NON_OPTION);
	-	if (!newargc)
	+	if (!argc)
	 		usage_with_options(usagestr, options);
	 	*bundle_file = prefix_filename(prefix, argv[0]);
	-	return newargc;
	+	return argc;
	 }

	 static int cmd_bundle_create(int argc, const char **argv, const char *prefix) {

Reported-by: Hubert Jasudowicz <hubertj@stmcyber.pl>
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---

A proposed replacement for
https://lore.kernel.org/git/20221220123142.812965-1-hubertj@stmcyber.pl/;
let's move forward & add a test rather than reverting away from the
subcommand APIe

 builtin/bundle.c       | 2 +-
 t/t6020-bundle-misc.sh | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

Comments

Hubert Jasudowicz Dec. 20, 2022, 1:50 p.m. UTC | #1
On 12/20/22 14:40, Ævar Arnfjörð Bjarmason wrote:> A proposed replacement for
> https://lore.kernel.org/git/20221220123142.812965-1-hubertj@stmcyber.pl/;
> let's move forward & add a test rather than reverting away from the
> subcommand APIe
> 
>  builtin/bundle.c       | 2 +-
>  t/t6020-bundle-misc.sh | 7 +++++++
>  2 files changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/builtin/bundle.c b/builtin/bundle.c
> index c12c09f8549..61c76284768 100644
> --- a/builtin/bundle.c
> +++ b/builtin/bundle.c
> @@ -58,7 +58,7 @@ static int parse_options_cmd_bundle(int argc,
>  	int newargc;
>  	newargc = parse_options(argc, argv, NULL, options, usagestr,
>  			     PARSE_OPT_STOP_AT_NON_OPTION);
> -	if (argc < 1)
> +	if (!newargc)
>  		usage_with_options(usagestr, options);
>  	*bundle_file = prefix_filename(prefix, argv[0]);
>  	return newargc;
> diff --git a/t/t6020-bundle-misc.sh b/t/t6020-bundle-misc.sh
> index 833205125ab..3a1cf30b1d7 100755
> --- a/t/t6020-bundle-misc.sh
> +++ b/t/t6020-bundle-misc.sh
> @@ -11,6 +11,13 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
>  . ./test-lib.sh
>  . "$TEST_DIRECTORY"/lib-bundle.sh
>  
> +for cmd in create verify list-heads unbundle
> +do
> +	test_expect_success "usage: git bundle $cmd needs an argument" '
> +		test_expect_code 129 git bundle $cmd
> +	'
> +done
> +
>  # Create a commit or tag and set the variable with the object ID.
>  test_commit_setvar () {
>  	notick=

Seems to work. Thanks!

Tested-by: Hubert Jasudowicz <hubertj@stmcyber.pl>

Hubert Jasudowicz
Junio C Hamano Dec. 25, 2022, 11:05 a.m. UTC | #2
Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> As an aside, this could be safely squashed into this, but let's not do
> that for this minimal segfault fix, as it's an unrelated refactoring:
>
> 	--- a/builtin/bundle.c
> 	+++ b/builtin/bundle.c
> 	@@ -55,13 +55,12 @@ static int parse_options_cmd_bundle(int argc,
> 	 		const char * const usagestr[],
> 	 		const struct option options[],
> 	 		char **bundle_file) {
> 	-	int newargc;
> 	-	newargc = parse_options(argc, argv, NULL, options, usagestr,
> 	+	argc = parse_options(argc, argv, NULL, options, usagestr,
> 	 			     PARSE_OPT_STOP_AT_NON_OPTION);
> 	-	if (!newargc)
> 	+	if (!argc)
> 	 		usage_with_options(usagestr, options);
> 	 	*bundle_file = prefix_filename(prefix, argv[0]);
> 	-	return newargc;
> 	+	return argc;
> 	 }

That would actually make the intent much clearer and if the code
were written to update argc instead of introducing a separate
varilable, this bug would not have happened.

Thanks, will queue (without the clean-up at least for now).
Junio C Hamano Dec. 25, 2022, 11:06 a.m. UTC | #3
Hubert Jasudowicz <hubert.jasudowicz@stmcyber.pl> writes:

> Seems to work. Thanks!
>
> Tested-by: Hubert Jasudowicz <hubertj@stmcyber.pl>
>
> Hubert Jasudowicz

Thanks for reporting and testing.
diff mbox series

Patch

diff --git a/builtin/bundle.c b/builtin/bundle.c
index c12c09f8549..61c76284768 100644
--- a/builtin/bundle.c
+++ b/builtin/bundle.c
@@ -58,7 +58,7 @@  static int parse_options_cmd_bundle(int argc,
 	int newargc;
 	newargc = parse_options(argc, argv, NULL, options, usagestr,
 			     PARSE_OPT_STOP_AT_NON_OPTION);
-	if (argc < 1)
+	if (!newargc)
 		usage_with_options(usagestr, options);
 	*bundle_file = prefix_filename(prefix, argv[0]);
 	return newargc;
diff --git a/t/t6020-bundle-misc.sh b/t/t6020-bundle-misc.sh
index 833205125ab..3a1cf30b1d7 100755
--- a/t/t6020-bundle-misc.sh
+++ b/t/t6020-bundle-misc.sh
@@ -11,6 +11,13 @@  export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
 . ./test-lib.sh
 . "$TEST_DIRECTORY"/lib-bundle.sh
 
+for cmd in create verify list-heads unbundle
+do
+	test_expect_success "usage: git bundle $cmd needs an argument" '
+		test_expect_code 129 git bundle $cmd
+	'
+done
+
 # Create a commit or tag and set the variable with the object ID.
 test_commit_setvar () {
 	notick=