| Message ID | 20210203162823.15756-1-tboegi@web.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v4,1/1] MacOS: precompose_argv_prefix() | expand |
tboegi@web.de writes: > From: Torsten Bögershausen <tboegi@web.de> > > The following sequence leads to a "BUG" assertion running under MacOS: > > DIR=git-test-restore-p > Adiarnfd=$(printf 'A\314\210') > DIRNAME=xx${Adiarnfd}yy > mkdir $DIR && > cd $DIR && > git init && > mkdir $DIRNAME && > cd $DIRNAME && > echo "Initial" >file && > git add file && > echo "One more line" >>file && > echo y | git restore -p . > > Initialized empty Git repository in /tmp/git-test-restore-p/.git/ > BUG: pathspec.c:495: error initializing pathspec_item > Cannot close git diff-index --cached --numstat > [snip] > > The command `git restore` is run from a directory inside a Git repo. > Git needs to split the $CWD into 2 parts: > The path to the repo and "the rest", if any. > "The rest" becomes a "prefix" later used inside the pathspec code. > > As an example, "/path/to/repo/dir-inside-repå" would determine > "/path/to/repo" as the root of the repo, the place where the > configuration file .git/config is found. > > The rest becomes the prefix ("dir-inside-repå"), from where the > pathspec machinery expands the ".", more about this later. > If there is a decomposed form, (making the decomposing visible like this), > "dir-inside-rep°a" doesn't match "dir-inside-repå". > > Git commands need to: > > (a) read the configuration variable "core.precomposeunicode" > (b) precocompose argv[] > (c) precompose the prefix, if there was any > > The first commit, > 76759c7dff53 "git on Mac OS and precomposed unicode" > addressed (a) and (b). > > The call to precompose_argv() was added into parse-options.c, > because that seemed to be a good place when the patch was written. > > Commands that don't use parse-options need to do (a) and (b) themselfs. > > The commands `diff-files`, `diff-index`, `diff-tree` and `diff` > learned (a) and (b) in > commit 90a78b83e0b8 "diff: run arguments through precompose_argv" > > Branch names (or refs in general) using decomposed code points > resulting in decomposed file names had been fixed in > commit 8e712ef6fc97 "Honor core.precomposeUnicode in more places" > > The bug report from above shows 2 things: > - more commands need to handle precomposed unicode > - (c) should be implemented for all commands using pathspecs > > Solution: > precompose_argv() now handles the prefix (if needed), and is renamed into > precompose_argv_prefix(). > > Inside this function the config variable core.precomposeunicode is read > into the global variable precomposed_unicode, as before. > This reading is skipped if precomposed_unicode had been read before. > > The original patch for preocomposed unicode, 76759c7dff53, placed > precompose_argv() into parse-options.c > Now add it into git.c (as well) for commands that don't use parse-options. > Note that precompose() may be called twice - it is idempotent. Just as the prefix-less variant was idempotent and that was the reason why cmd_diff_files() had its own precompose() even if the incoming argv[] is supposed to be already precomposed because it was processed in another call to precompose() in run_builtin(), this patch keeps these seemingly redundant calls, because it is not meant as a clean-up but as a bugfix for the prefix part. OK. ... Ah, no, the call in run_builtin() is a new thing. We didn't have it, and the redundant call is what this patch introduced, so we need to be a bit more careful about the analysis here. It is one thing to say "we leave the existing iffy code and address only a single bug" and do so. It is entirely different to say so and then do "we introduce an iffy code and address only a single bug". We need to admit that what we added _is_ iffy but supposed to be safe. Just saying "it is supposed to be safe" without saying why it is iffy is dishonest and does not help future developers who may want to jump in and clean the code. Perhaps Now add it into git.c::run_builtin() as well. Existing precompose calls in diff-files.c and others would become redundant but because we do not want to make sure that there is no way for the control to reach them without passing run_builtin(), we'll keep them in place just in case. The calls to precompose() are idempotent so it should not hurt. or something? > - And yes, there may be more work to be done. For the moment I would like to > get this merged into git.git, and address the rest later. Sure. Thanks.
Junio C Hamano <gitster@pobox.com> writes: > Just as the prefix-less variant was idempotent and that was the > reason why cmd_diff_files() had its own precompose() even if the > incoming argv[] is supposed to be already precomposed because it > was processed in another call to precompose() in run_builtin(), > this patch keeps these seemingly redundant calls, because it is not > meant as a clean-up but as a bugfix for the prefix part. > > OK. ... Ah, no, the call in run_builtin() is a new thing. We didn't > have it, and the redundant call is what this patch introduced, so > we need to be a bit more careful about the analysis here. It is one > thing to say "we leave the existing iffy code and address only a > single bug" and do so. It is entirely different to say so and then > do "we introduce an iffy code and address only a single bug". We > need to admit that what we added _is_ iffy but supposed to be safe. > Just saying "it is supposed to be safe" without saying why it is > iffy is dishonest and does not help future developers who may want > to jump in and clean the code. > > Perhaps > > Now add it into git.c::run_builtin() as well. Existing > precompose calls in diff-files.c and others would become > redundant but because we do not want to make sure that there > is no way for the control to reach them without passing > run_builtin(), we'll keep them in place just in case. The > calls to precompose() are idempotent so it should not hurt. > > or something? FYI, I've tweaked the proposed log message like the following before queuing. I think that would be explicit enough to remind us that we may be able to improve the situation fairly easily. Thanks. 1: 071dfe8793 ! 1: 5c327502db MacOS: precompose_argv_prefix() @@ Commit message The original patch for preocomposed unicode, 76759c7dff53, placed precompose_argv() into parse-options.c - Now add it into git.c (as well) for commands that don't use parse-options. - Note that precompose() may be called twice - it is idempotent. + + Now add it into git.c::run_builtin() as well. Existing precompose + calls in diff-files.c and others may become redundant, and if we + audit the callflows that reach these places to make sure that they + can never be reached without going through the new call added to + run_builtin(), we might be able to remove these existing ones. + + But in this commit, we do not bother to do so and leave these + precompose callsites as they are. Because precompose() is + idempotent and can be called on an already precomposed string + safely, this is safer than removing existing calls without fully + vetting the callflows. There is certainly room for cleanups - this change intends to be a bug fix. Cleanups needs more tests in e.g. t/t3910-mac-os-precompose.sh, and should
On Wed, Feb 03, 2021 at 02:13:53PM -0800, Junio C Hamano wrote: > Junio C Hamano <gitster@pobox.com> writes: > > > Just as the prefix-less variant was idempotent and that was the > > reason why cmd_diff_files() had its own precompose() even if the > > incoming argv[] is supposed to be already precomposed because it > > was processed in another call to precompose() in run_builtin(), > > this patch keeps these seemingly redundant calls, because it is not > > meant as a clean-up but as a bugfix for the prefix part. > > > > OK. ... Ah, no, the call in run_builtin() is a new thing. We didn't > > have it, and the redundant call is what this patch introduced, so > > we need to be a bit more careful about the analysis here. It is one > > thing to say "we leave the existing iffy code and address only a > > single bug" and do so. It is entirely different to say so and then > > do "we introduce an iffy code and address only a single bug". We > > need to admit that what we added _is_ iffy but supposed to be safe. > > Just saying "it is supposed to be safe" without saying why it is > > iffy is dishonest and does not help future developers who may want > > to jump in and clean the code. > > > > Perhaps > > > > Now add it into git.c::run_builtin() as well. Existing > > precompose calls in diff-files.c and others would become > > redundant but because we do not want to make sure that there > > is no way for the control to reach them without passing > > run_builtin(), we'll keep them in place just in case. The > > calls to precompose() are idempotent so it should not hurt. > > > > or something? > > FYI, I've tweaked the proposed log message like the following before > queuing. I think that would be explicit enough to remind us that we > may be able to improve the situation fairly easily. > Thanks for helping me out. That gives me some time to look deeper and prepare more test cases ana a then cleanup on top of this patch (later).
diff --git a/builtin/diff-files.c b/builtin/diff-files.c index 1e352dd8f7..e3851dd1c0 100644 --- a/builtin/diff-files.c +++ b/builtin/diff-files.c @@ -35,7 +35,7 @@ int cmd_diff_files(int argc, const char **argv, const char *prefix) */ rev.diffopt.ita_invisible_in_index = 1; - precompose_argv(argc, argv); + prefix = precompose_argv_prefix(argc, argv, prefix); argc = setup_revisions(argc, argv, &rev, NULL); while (1 < argc && argv[1][0] == '-') { diff --git a/builtin/diff-index.c b/builtin/diff-index.c index 7f5281c461..c33d7af478 100644 --- a/builtin/diff-index.c +++ b/builtin/diff-index.c @@ -25,7 +25,7 @@ int cmd_diff_index(int argc, const char **argv, const char *prefix) git_config(git_diff_basic_config, NULL); /* no "diff" UI options */ repo_init_revisions(the_repository, &rev, prefix); rev.abbrev = 0; - precompose_argv(argc, argv); + prefix = precompose_argv_prefix(argc, argv, prefix); argc = setup_revisions(argc, argv, &rev, NULL); for (i = 1; i < argc; i++) { diff --git a/builtin/diff-tree.c b/builtin/diff-tree.c index 9fc95e959f..178d12f07f 100644 --- a/builtin/diff-tree.c +++ b/builtin/diff-tree.c @@ -126,7 +126,7 @@ int cmd_diff_tree(int argc, const char **argv, const char *prefix) memset(&s_r_opt, 0, sizeof(s_r_opt)); s_r_opt.tweak = diff_tree_tweak_rev; - precompose_argv(argc, argv); + prefix = precompose_argv_prefix(argc, argv, prefix); argc = setup_revisions(argc, argv, opt, &s_r_opt); memset(&w, 0, sizeof(w)); diff --git a/builtin/diff.c b/builtin/diff.c index 780c33877f..3c87c95967 100644 --- a/builtin/diff.c +++ b/builtin/diff.c @@ -452,7 +452,7 @@ int cmd_diff(int argc, const char **argv, const char *prefix) init_diff_ui_defaults(); git_config(git_diff_ui_config, NULL); - precompose_argv(argc, argv); + prefix = precompose_argv_prefix(argc, argv, prefix); repo_init_revisions(the_repository, &rev, prefix); diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c index c2bd882d17..9d505a6329 100644 --- a/builtin/submodule--helper.c +++ b/builtin/submodule--helper.c @@ -1257,7 +1257,7 @@ static int compute_summary_module_list(struct object_id *head_oid, git_config(git_diff_basic_config, NULL); init_revisions(&rev, info->prefix); rev.abbrev = 0; - precompose_argv(diff_args.nr, diff_args.v); + precompose_argv_prefix(diff_args.nr, diff_args.v, NULL); setup_revisions(diff_args.nr, diff_args.v, &rev, NULL); rev.diffopt.output_format = DIFF_FORMAT_NO_OUTPUT | DIFF_FORMAT_CALLBACK; rev.diffopt.format_callback = submodule_summary_callback; diff --git a/compat/precompose_utf8.c b/compat/precompose_utf8.c index 136250fbf6..ec560565a8 100644 --- a/compat/precompose_utf8.c +++ b/compat/precompose_utf8.c @@ -60,32 +60,46 @@ void probe_utf8_pathname_composition(void) strbuf_release(&path); } - -void precompose_argv(int argc, const char **argv) +static inline const char *precompose_string_if_needed(const char *in) { - int i = 0; - const char *oldarg; - char *newarg; - iconv_t ic_precompose; + size_t inlen; + size_t outlen; + if (has_non_ascii(in, (size_t)-1, &inlen)) { + iconv_t ic_prec; + char *out; + if (precomposed_unicode < 0) + git_config_get_bool("core.precomposeunicode", &precomposed_unicode); + if (precomposed_unicode != 1) + return in; + ic_prec = iconv_open(repo_encoding, path_encoding); + if (ic_prec == (iconv_t) -1) + return in; + + out = reencode_string_iconv(in, inlen, ic_prec, 0, &outlen); + if (out) { + if (outlen == inlen && !memcmp(in, out, outlen)) + free(out); /* no need to return indentical */ + else + in = out; + } + iconv_close(ic_prec); - if (precomposed_unicode != 1) - return; + } + return in; +} - ic_precompose = iconv_open(repo_encoding, path_encoding); - if (ic_precompose == (iconv_t) -1) - return; +const char *precompose_argv_prefix(int argc, const char **argv, const char *prefix) +{ + int i = 0; while (i < argc) { - size_t namelen; - oldarg = argv[i]; - if (has_non_ascii(oldarg, (size_t)-1, &namelen)) { - newarg = reencode_string_iconv(oldarg, namelen, ic_precompose, 0, NULL); - if (newarg) - argv[i] = newarg; - } + argv[i] = precompose_string_if_needed(argv[i]); i++; } - iconv_close(ic_precompose); + if (prefix) { + prefix = precompose_string_if_needed(prefix); + } + return prefix; } diff --git a/compat/precompose_utf8.h b/compat/precompose_utf8.h index 6f843d3e1a..d70b84665c 100644 --- a/compat/precompose_utf8.h +++ b/compat/precompose_utf8.h @@ -28,7 +28,7 @@ typedef struct { struct dirent_prec_psx *dirent_nfc; } PREC_DIR; -void precompose_argv(int argc, const char **argv); +const char *precompose_argv_prefix(int argc, const char **argv, const char *prefix); void probe_utf8_pathname_composition(void); PREC_DIR *precompose_utf8_opendir(const char *dirname); diff --git a/git-compat-util.h b/git-compat-util.h index 104993b975..93d9b4b7af 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -252,9 +252,9 @@ typedef unsigned long uintptr_t; #ifdef PRECOMPOSE_UNICODE #include "compat/precompose_utf8.h" #else -static inline void precompose_argv(int argc, const char **argv) +static inline const char *precompose_argv_prefix(int argc, const char **argv, const char *prefix) { - ; /* nothing */ + return prefix; } #define probe_utf8_pathname_composition() #endif diff --git a/git.c b/git.c index a00a0a4d94..16a485fbe7 100644 --- a/git.c +++ b/git.c @@ -420,7 +420,7 @@ static int run_builtin(struct cmd_struct *p, int argc, const char **argv) int nongit_ok; prefix = setup_git_directory_gently(&nongit_ok); } - + prefix = precompose_argv_prefix(argc, argv, prefix); if (use_pager == -1 && p->option & (RUN_SETUP | RUN_SETUP_GENTLY) && !(p->option & DELAY_PAGER_CONFIG)) use_pager = check_pager_config(p->cmd); diff --git a/parse-options.c b/parse-options.c index f0507432ee..fbea16eaf5 100644 --- a/parse-options.c +++ b/parse-options.c @@ -869,7 +869,7 @@ int parse_options(int argc, const char **argv, const char *prefix, usage_with_options(usagestr, options); } - precompose_argv(argc, argv); + precompose_argv_prefix(argc, argv, NULL); free(real_options); free(ctx.alias_groups); return parse_options_end(&ctx); diff --git a/t/t3910-mac-os-precompose.sh b/t/t3910-mac-os-precompose.sh index 54ce19e353..bc632a03ed 100755 --- a/t/t3910-mac-os-precompose.sh +++ b/t/t3910-mac-os-precompose.sh @@ -191,6 +191,22 @@ test_expect_failure 'handle existing decomposed filenames' ' test_must_be_empty untracked ' +test_expect_success "unicode decomposed: git restore -p . " ' + DIRNAMEPWD=dir.Odiarnfc && + DIRNAMEINREPO=dir.$Adiarnfc && + export DIRNAMEPWD DIRNAMEINREPO && + git init "$DIRNAMEPWD" && + ( + cd "$DIRNAMEPWD" && + mkdir "$DIRNAMEINREPO" && + cd "$DIRNAMEINREPO" && + echo "Initial" >file && + git add file && + echo "More stuff" >>file && + echo y | git restore -p . + ) +' + # Test if the global core.precomposeunicode stops autosensing # Must be the last test case test_expect_success "respect git config --global core.precomposeunicode" '