| Message ID | 20190930202818.2172-1-emilyshaffer@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] promisor-remote: skip move_to_tail when no-op | expand |
On Mon, Sep 30, 2019 at 01:28:18PM -0700, Emily Shaffer wrote: > Previously, when promisor_remote_move_to_tail() is called for a > promisor_remote which is currently the final element in promisors, a > cycle is created in the promisors linked list. This cycle leads to a > double free later on in promisor_remote_clear() when the final element > of the promisors list is removed: promisors is set to promisors->next (a > no-op, as promisors->next == promisors); the previous value of promisors > is free()'d; then the new value of promisors (which is equal to the > previous value of promisors) is also free()'d. This double-free error > was unrecoverable for the user without removing the filter or re-cloning > the repo and hoping to miss this edge case. > > Now, when promisor_remote_move_to_tail() would be a no-op, just do a > no-op. In cases of promisor_remote_move_to_tail() where r is not already > at the tail of the list, it works as before. > > Helped-by: Jeff King <peff@peff.net> > Signed-off-by: Emily Shaffer <emilyshaffer@google.com> > --- > Fixed up some nits from Peff in v2. Thanks especially for the catch on > capturing the output of the fetch - I had been grepping it before I > realized that test_must_fail accounted for unexpected signal exits, and > forgot to remove the redirect. Thanks, this looks pretty good, except one little thing: > +test_expect_success 'single promisor remote can be re-initialized gracefully' ' > + # ensure one promisor is in the promisors list > + rm -rf repo && > + test_create_repo repo && > + test_create_repo other && > + git -C repo remote add foo "file://$(pwd)/other" && > + git -C repo config remote.foo.promisor true && > + git -C repo config extensions.partialclone foo && > + > + # reinitialize the promisors list; this must fail gracefully > + git -C repo fetch --filter=blob:none foo > +' We expect this to succeed now, so "this must fail gracefully" no longer applies, right? -Peff
diff --git a/promisor-remote.c b/promisor-remote.c index 9bc296cdde..9bd5b79d59 100644 --- a/promisor-remote.c +++ b/promisor-remote.c @@ -89,6 +89,9 @@ static struct promisor_remote *promisor_remote_lookup(const char *remote_name, static void promisor_remote_move_to_tail(struct promisor_remote *r, struct promisor_remote *previous) { + if (r->next == NULL) + return; + if (previous) previous->next = r->next; else diff --git a/t/t0410-partial-clone.sh b/t/t0410-partial-clone.sh index d4b7e535ea..12274705c2 100755 --- a/t/t0410-partial-clone.sh +++ b/t/t0410-partial-clone.sh @@ -429,6 +429,19 @@ test_expect_success 'rev-list dies for missing objects on cmd line' ' done ' +test_expect_success 'single promisor remote can be re-initialized gracefully' ' + # ensure one promisor is in the promisors list + rm -rf repo && + test_create_repo repo && + test_create_repo other && + git -C repo remote add foo "file://$(pwd)/other" && + git -C repo config remote.foo.promisor true && + git -C repo config extensions.partialclone foo && + + # reinitialize the promisors list; this must fail gracefully + git -C repo fetch --filter=blob:none foo +' + test_expect_success 'gc repacks promisor objects separately from non-promisor objects' ' rm -rf repo && test_create_repo repo &&
Previously, when promisor_remote_move_to_tail() is called for a promisor_remote which is currently the final element in promisors, a cycle is created in the promisors linked list. This cycle leads to a double free later on in promisor_remote_clear() when the final element of the promisors list is removed: promisors is set to promisors->next (a no-op, as promisors->next == promisors); the previous value of promisors is free()'d; then the new value of promisors (which is equal to the previous value of promisors) is also free()'d. This double-free error was unrecoverable for the user without removing the filter or re-cloning the repo and hoping to miss this edge case. Now, when promisor_remote_move_to_tail() would be a no-op, just do a no-op. In cases of promisor_remote_move_to_tail() where r is not already at the tail of the list, it works as before. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Emily Shaffer <emilyshaffer@google.com> --- Fixed up some nits from Peff in v2. Thanks especially for the catch on capturing the output of the fetch - I had been grepping it before I realized that test_must_fail accounted for unexpected signal exits, and forgot to remove the redirect. - Emily promisor-remote.c | 3 +++ t/t0410-partial-clone.sh | 13 +++++++++++++ 2 files changed, 16 insertions(+)