| Message ID | YMIMg+uXDjzS70g5@coredump.intra.peff.net (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 7f53f78b04b49c2060c23df6566aceb3ba394aea |
| Headers | show |
| Series | fix union merge with binary files | expand |
On Thu, Jun 10, 2021 at 6:00 AM Jeff King <peff@peff.net> wrote: > > Since cd1d61c44f (make union merge an xdl merge favor, 2010-03-01), we > pass NULL to ll_xdl_merge() for the "name" labels of the ancestor, ours > and theirs buffers. We usually use these for annotating conflict markers > left in a file. For a union merge, these shouldn't matter; the point of > it is that we'd never leave conflict markers in the first place. > > But there is one code path where we may dereference them: if the file > contents appear to be binary, ll_binary_merge() will give up and pass > them to warning() to generate a message for the user (that was true even > when cd1d61c44f was written, though the warning was in ll_xdl_merge() > back then). > > That can result in a segfault, though on many systems (including glibc), > the printf routines will helpfully just say "(null)" instead. We can > extend our binary-union test in t6406 to check stderr, which catches the > problem on all systems. Nice catch (as is your 1/2 as well). > This also fixes a warning from "gcc -O3". Unlike lower optimization > levels, it inlines enough to see that the NULL can make it to warning() > and complains: > > In function ‘ll_binary_merge’, > inlined from ‘ll_xdl_merge’ at ll-merge.c:115:10, > inlined from ‘ll_union_merge’ at ll-merge.c:151:9: > ll-merge.c:74:4: warning: ‘%s’ directive argument is null [-Wformat-overflow=] > 74 | warning("Cannot merge binary files: %s (%s vs. %s)", > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 75 | path, name1, name2); > | ~~~~~~~~~~~~~~~~~~~ So the warning uses path as well as name1 and name2... > > Signed-off-by: Jeff King <peff@peff.net> > --- > ll-merge.c | 2 +- > t/t6406-merge-attr.sh | 3 ++- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/ll-merge.c b/ll-merge.c > index 145deb12fa..0ee34d8a01 100644 > --- a/ll-merge.c > +++ b/ll-merge.c > @@ -151,7 +151,7 @@ static int ll_union_merge(const struct ll_merge_driver *drv_unused, > o = *opts; > o.variant = XDL_MERGE_FAVOR_UNION; > return ll_xdl_merge(drv_unused, result, path_unused, Should we also rename 'path_unused' to 'path', since it is actually used? > - orig, NULL, src1, NULL, src2, NULL, > + orig, orig_name, src1, name1, src2, name2, > &o, marker_size); > } > > diff --git a/t/t6406-merge-attr.sh b/t/t6406-merge-attr.sh > index c1c458d933..8494645837 100755 > --- a/t/t6406-merge-attr.sh > +++ b/t/t6406-merge-attr.sh > @@ -221,7 +221,8 @@ test_expect_success 'binary files with union attribute' ' > printf "two\0" >bin.txt && > git commit -am two && > > - test_must_fail git merge bin-main > + test_must_fail git merge bin-main 2>stderr && > + grep -i "warning.*cannot merge.*HEAD vs. bin-main" stderr > ' > > test_done > -- > 2.32.0.529.g079a794268 This patch has a minor textual conflict with my remerge-diff series, but since I haven't submitted it yet, that's my problem rather than yours...and it will be an easy fix anyway. Anyway, good catches. Other than maybe considering fixing the name of 'path_unused', this looks good to me.
diff --git a/ll-merge.c b/ll-merge.c index 145deb12fa..0ee34d8a01 100644 --- a/ll-merge.c +++ b/ll-merge.c @@ -151,7 +151,7 @@ static int ll_union_merge(const struct ll_merge_driver *drv_unused, o = *opts; o.variant = XDL_MERGE_FAVOR_UNION; return ll_xdl_merge(drv_unused, result, path_unused, - orig, NULL, src1, NULL, src2, NULL, + orig, orig_name, src1, name1, src2, name2, &o, marker_size); } diff --git a/t/t6406-merge-attr.sh b/t/t6406-merge-attr.sh index c1c458d933..8494645837 100755 --- a/t/t6406-merge-attr.sh +++ b/t/t6406-merge-attr.sh @@ -221,7 +221,8 @@ test_expect_success 'binary files with union attribute' ' printf "two\0" >bin.txt && git commit -am two && - test_must_fail git merge bin-main + test_must_fail git merge bin-main 2>stderr && + grep -i "warning.*cannot merge.*HEAD vs. bin-main" stderr ' test_done
Since cd1d61c44f (make union merge an xdl merge favor, 2010-03-01), we pass NULL to ll_xdl_merge() for the "name" labels of the ancestor, ours and theirs buffers. We usually use these for annotating conflict markers left in a file. For a union merge, these shouldn't matter; the point of it is that we'd never leave conflict markers in the first place. But there is one code path where we may dereference them: if the file contents appear to be binary, ll_binary_merge() will give up and pass them to warning() to generate a message for the user (that was true even when cd1d61c44f was written, though the warning was in ll_xdl_merge() back then). That can result in a segfault, though on many systems (including glibc), the printf routines will helpfully just say "(null)" instead. We can extend our binary-union test in t6406 to check stderr, which catches the problem on all systems. This also fixes a warning from "gcc -O3". Unlike lower optimization levels, it inlines enough to see that the NULL can make it to warning() and complains: In function ‘ll_binary_merge’, inlined from ‘ll_xdl_merge’ at ll-merge.c:115:10, inlined from ‘ll_union_merge’ at ll-merge.c:151:9: ll-merge.c:74:4: warning: ‘%s’ directive argument is null [-Wformat-overflow=] 74 | warning("Cannot merge binary files: %s (%s vs. %s)", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 75 | path, name1, name2); | ~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jeff King <peff@peff.net> --- ll-merge.c | 2 +- t/t6406-merge-attr.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-)