Message ID | patch-04.17-871b820003-20210520T111610Z-avarab@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | fsck: better "invalid object" error reporting |
Hi,

Ævar Arnfjörð Bjarmason wrote:

> Fix a blindspot in the tests added in the tests for the
> --allow-unknown-type feature, added in 39e4ae38804 (cat-file: teach
> cat-file a '--allow-unknown-type' option, 2015-05-03).
>
> Before this change all the tests would succeed if --allow-unknown-type
> was on by default, let's fix that by asserting that -t and -s die on a
> "garbage" type without --allow-unknown-type.

nit: "tests added in the tests" seems oddly repetitive.

More importantly, I'm curious about the desired behavior here. The
idea behind cat-file --allow-unknown-type is that I can use it to
inspect an invalid object, for example after it has been reported by
git fsck. The commit that introduced it (39e4ae3880, "cat-file: teach
cat-file a '--allow-unknown-type' option", 2015-05-03) gives the hint
"query broken/corrupt objects" in the documentation, so I figure
that's what it's for, and I'm sympathetic.

But: why is that an option instead of something that we always do?

In other words, is there some situation where I would not want the
more permissive behavior from cat-file against a bad object?

Thanks,
Jonathan
On Thu, May 27 2021, Jonathan Nieder wrote:

> Hi,
>
> Ævar Arnfjörð Bjarmason wrote:
>
>> Fix a blindspot in the tests added in the tests for the
>> --allow-unknown-type feature, added in 39e4ae38804 (cat-file: teach
>> cat-file a '--allow-unknown-type' option, 2015-05-03).
>>
>> Before this change all the tests would succeed if --allow-unknown-type
>> was on by default, let's fix that by asserting that -t and -s die on a
>> "garbage" type without --allow-unknown-type.
>
> nit: "tests added in the tests" seems oddly repetitive.
>
> More importantly, I'm curious about the desired behavior here. The
> idea behind cat-file --allow-unknown-type is that I can use it to
> inspect an invalid object, for example after it has been reported by
> git fsck. The commit that introduced it (39e4ae3880, "cat-file: teach
> cat-file a '--allow-unknown-type' option", 2015-05-03) gives the hint
> "query broken/corrupt objects" in the documentation, so I figure
> that's what it's for, and I'm sympathetic.
>
> But: why is that an option instead of something that we always do?
>
> In other words, is there some situation where I would not want the
> more permissive behavior from cat-file against a bad object?

Yes. I suggested as much in
https://lore.kernel.org/git/87r1i4qf4h.fsf@evledraar.gmail.com/

For this series though I'm sticking to testing for the existing
behavior + fixing the immediate fsck issues.

I've got some local patches queued up for after this topic lands (after
I re-roll it, re-submit etc.) that do that.
diff --git a/t/t1006-cat-file.sh b/t/t1006-cat-file.sh index b71ef94329..dc01d7c4a9 100755 --- a/t/t1006-cat-file.sh +++ b/t/t1006-cat-file.sh @@ -347,6 +347,20 @@ bogus_content="bogus" bogus_size=$(strlen "$bogus_content") bogus_sha1=$(echo_without_newline "$bogus_content" | git hash-object -t $bogus_type --literally -w --stdin) +test_expect_success 'die on broken object under -t and -s without --allow-unknown-type' ' + cat >err.expect <<-\EOF && + fatal: invalid object type + EOF + + test_must_fail git cat-file -t $bogus_sha1 >out.actual 2>err.actual && + test_cmp err.expect err.actual && + test_must_be_empty out.actual && + + test_must_fail git cat-file -s $bogus_sha1 >out.actual 2>err.actual && + test_cmp err.expect err.actual && + test_must_be_empty out.actual +' + test_expect_success "Type of broken object is correct" ' echo $bogus_type >expect && git cat-file -t --allow-unknown-type $bogus_sha1 >actual && @@ -363,6 +377,21 @@ bogus_content="bogus" bogus_size=$(strlen "$bogus_content") bogus_sha1=$(echo_without_newline "$bogus_content" | git hash-object -t $bogus_type --literally -w --stdin) +test_expect_success 'die on broken object with large type under -t and -s without --allow-unknown-type' ' + cat >err.expect <<-EOF && + error: unable to unpack $bogus_sha1 header + fatal: git cat-file: could not get object info + EOF + + test_must_fail git cat-file -t $bogus_sha1 >out.actual 2>err.actual && + test_cmp err.expect err.actual && + test_must_be_empty out.actual && + + test_must_fail git cat-file -s $bogus_sha1 >out.actual 2>err.actual && + test_cmp err.expect err.actual && + test_must_be_empty out.actual +' + test_expect_success "Type of broken object is correct when type is large" ' echo $bogus_type >expect && git cat-file -t --allow-unknown-type $bogus_sha1 >actual &&
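Review bot: in the first hunk (@@ -347,6 +347,20 @@), the -t and -s halves of the new test are the same three lines apart from the flag, and both write to the same out.actual and err.actual, so a failure report does not say which mode regressed without reading the trace. Consider one test_expect_success per flag, generated from a `for arg in -t -s` loop around the test, so that each mode gets its own test title and the list is easy to extend if other cat-file modes need the same assertion.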
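Review bot: in the second hunk (@@ -363,6 +377,21 @@), the expected stderr (`error: unable to unpack $bogus_sha1 header` followed by `fatal: git cat-file: could not get object info`) differs from the `fatal: invalid object type` expected by the test in the first hunk, and neither the test nor the commit message says the two messages are meant to differ. A short comment, or a sentence in the commit message, stating that the test records the current output for the large-type case would stop a later reader from treating the exact wording as a contract. The switch from `<<-\EOF` to unquoted `<<-EOF` here is needed so that $bogus_sha1 expands, which is also worth a word since the two heredocs otherwise look like an inconsistency.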
Fix a blindspot in the tests added in the tests for the
--allow-unknown-type feature, added in 39e4ae38804 (cat-file: teach
cat-file a '--allow-unknown-type' option, 2015-05-03).

Before this change all the tests would succeed if --allow-unknown-type
was on by default, let's fix that by asserting that -t and -s die on a
"garbage" type without --allow-unknown-type.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---
 t/t1006-cat-file.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)