| Message ID | YI1f8jKReuE3LXVH@coredump.intra.peff.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | pack-objects: better handling of negative options | expand |
On 5/1/2021 10:04 AM, Jeff King wrote: > A negative delta depth makes no sense, and the code is not prepared to > handle it. If passed "--depth=-1" on the command line, then this line > from break_delta_chains(): > > cur->depth = (total_depth--) % (depth + 1); > > triggers a divide-by-zero. This is undefined behavior according to the C > standard, but on POSIX systems results in SIGFPE killing the process. > This is certainly one way to inform the use that the command was > invalid, but it's a bit friendlier to just treat it as "don't allow any > deltas", which we already do for --depth=0. Makes sense to me. This whole series LGTM. Thanks, -Stolee
diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index ea7a5b3ba5..da5e0700f9 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -3861,6 +3861,8 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix) if (pack_to_stdout != !base_name || argc) usage_with_options(pack_usage, pack_objects_options); + if (depth < 0) + depth = 0; if (depth >= (1 << OE_DEPTH_BITS)) { warning(_("delta chain depth %d is too deep, forcing %d"), depth, (1 << OE_DEPTH_BITS) - 1); diff --git a/t/t5316-pack-delta-depth.sh b/t/t5316-pack-delta-depth.sh index 3e84df4137..759169d074 100755 --- a/t/t5316-pack-delta-depth.sh +++ b/t/t5316-pack-delta-depth.sh @@ -102,4 +102,11 @@ test_expect_success '--depth=0 disables deltas' ' test_cmp expect actual ' +test_expect_success 'negative depth disables deltas' ' + pack=$(git pack-objects --all --depth=-1 </dev/null pack) && + echo 0 >expect && + max_chain pack-$pack.pack >actual && + test_cmp expect actual +' + test_done
A negative delta depth makes no sense, and the code is not prepared to handle it. If passed "--depth=-1" on the command line, then this line from break_delta_chains(): cur->depth = (total_depth--) % (depth + 1); triggers a divide-by-zero. This is undefined behavior according to the C standard, but on POSIX systems results in SIGFPE killing the process. This is certainly one way to inform the use that the command was invalid, but it's a bit friendlier to just treat it as "don't allow any deltas", which we already do for --depth=0. Signed-off-by: Jeff King <peff@peff.net> --- builtin/pack-objects.c | 2 ++ t/t5316-pack-delta-depth.sh | 7 +++++++ 2 files changed, 9 insertions(+)