[4/6] diff-delta: set size out-parameter to 0 for NULL delta
Jeff King Sept. 5, 2019, 10:53 p.m. UTC
When we cannot generate a delta, we return NULL but leave delta_size
untouched. This is generally OK, as callers rely on NULL to decide if
the output is usable or not. But it can confuse compilers; in
particular, gcc 9.2.1 with "-flto -O3" complains in fast-import's
store_object() that delta_len may be used uninitialized.

Let's change the diff-delta code to set the size explicitly to 0 for a
NULL return. That silences the compiler and makes it easier to reason
about the result.

Reported-by: Stephan Beyer <s-beyer@gmx.net>
Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Jeff King <peff@peff.net>
---
I suspect this same pattern of "if we return error, out-parameters are
undefined" is used in a lot of other functions, too. And I wouldn't
necessarily want to go around changing all of them. But the fact that
this tickles the compiler makes me think it's worthwhile.

 diff-delta.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/diff-delta.c b/diff-delta.c
index e49643353b..77fea08dfb 100644
--- a/diff-delta.c
+++ b/diff-delta.c
@@ -326,6 +326,8 @@  create_delta(const struct delta_index *index,
 	const unsigned char *ref_data, *ref_top, *data, *top;
 	unsigned char *out;
+	*delta_size = 0;
 	if (!trg_buf || !trg_size)
 		return NULL;
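
Review bot: The new `*delta_size = 0;` at the top of create_delta() turns "size is 0 on a NULL return" into something callers can rely on, but the diffstat touches only diff-delta.c, so that guarantee is not written down anywhere a caller would look. Consider adding a sentence to the function's API comment stating it. The store also dereferences delta_size unconditionally, ahead of the `!trg_buf || !trg_size` check, so it assumes every caller passes a valid pointer; that is worth confirming against the existing callers or stating alongside the documented guarantee.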