| Message ID | 20230402130557.17662-1-worldhello.net@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | dc12ee77ab873c71170fbc68b68fdfabe3262ec8 |
| Headers | show |
| Series | object-info: init request_info before reading arg | expand |
Jiang Xin <worldhello.net@gmail.com> writes: > From: Jiang Xin <zhiyou.jx@alibaba-inc.com> > > When retrieving object info via capability "object-info", we store the > command args into a requested_info variable, but forget to initialize > it. Initialize the variable before use to prevent unexpected output. Good eyes. We read the request packets to decide if we want to flip the .size member of the structure, but the result would not make much sense if the structure starts with a random garbage in it. I wonder if we can tell our compilers (or runtime checker) to help catch a mistake like this. Did you see our sanitizers complain, or something? Will queue. Thanks. > Signed-off-by: Jiang Xin <zhiyou.jx@alibaba-inc.com> > --- > protocol-caps.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/protocol-caps.c b/protocol-caps.c > index 874bc815b4..94c51862c5 100644 > --- a/protocol-caps.c > +++ b/protocol-caps.c > @@ -79,7 +79,7 @@ static void send_info(struct repository *r, struct packet_writer *writer, > > int cap_object_info(struct repository *r, struct packet_reader *request) > { > - struct requested_info info; > + struct requested_info info = { 0 }; > struct packet_writer writer; > struct string_list oid_str_list = STRING_LIST_INIT_DUP;
On Tue, Apr 4, 2023 at 12:36 AM Junio C Hamano <gitster@pobox.com> wrote: > > Jiang Xin <worldhello.net@gmail.com> writes: > > > From: Jiang Xin <zhiyou.jx@alibaba-inc.com> > > > > When retrieving object info via capability "object-info", we store the > > command args into a requested_info variable, but forget to initialize > > it. Initialize the variable before use to prevent unexpected output. > > Good eyes. We read the request packets to decide if we want to flip > the .size member of the structure, but the result would not make > much sense if the structure starts with a random garbage in it. > > I wonder if we can tell our compilers (or runtime checker) to help > catch a mistake like this. Did you see our sanitizers complain, or > something? I accidentally came across this issue when I wanted to implement a new similar capability. I'm curious why adding "-Wuninitialized" or "-Wmaybe-uninitialized" to gcc fails to spot this case.
diff --git a/protocol-caps.c b/protocol-caps.c index 874bc815b4..94c51862c5 100644 --- a/protocol-caps.c +++ b/protocol-caps.c @@ -79,7 +79,7 @@ static void send_info(struct repository *r, struct packet_writer *writer, int cap_object_info(struct repository *r, struct packet_reader *request) { - struct requested_info info; + struct requested_info info = { 0 }; struct packet_writer writer; struct string_list oid_str_list = STRING_LIST_INIT_DUP;