Re: [PATCH 3/5] config: add BUG() statement instead of possible segfault
From: Ævar Arnfjörð Bjarmason <hidden>
Date: 2022-09-27 16:20:55
On Tue, Sep 27 2022, Derrick Stolee via GitGitGadget wrote:
quoted hunk ↗ jump to hunk
From: Derrick Stolee <redacted> The git_die_config() method calls git_config_get_value_multi() but immediately navigates to its first value without checking if the result is NULL or empty. Callers should only call git_die_config() if there is at least one value for the given 'key', but such a mistaken use might slip through. It would be better to show a BUG() statement than a possible segfault. Signed-off-by: Derrick Stolee <redacted> --- config.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)diff --git a/config.c b/config.c index bf89afbdab0..0c41606c7d4 100644 --- a/config.c +++ b/config.c@@ -2833,8 +2833,13 @@ void git_die_config(const char *key, const char *err, ...) va_end(params); } values = git_config_get_value_multi(key); - kv_info = values->items[values->nr - 1].util; - git_die_config_linenr(key, kv_info->filename, kv_info->linenr); + + if (values && values->nr) { + kv_info = values->items[values->nr - 1].util; + git_die_config_linenr(key, kv_info->filename, kv_info->linenr); + } else { + BUG("expected a non-empty list of values"); + } } /*
AFAIKT the intent of the current code on "master" is that this will only get called if the likes of git_configset_get_string() returns < 0, not if it returns > 0. So isn't the combination of your 1/5 and this 3/5 now conflating these two conditions? See e.g. repo_config_get_string_tmp() and when it would call git_die_config(). I.e. isn't the whole point of git_die_config() to print an error message about a configuration *value* that we've parsed out of the config? If e.g. the key itself is bad we'll get a -1, but in this case it seems we would have a BUG(), but it's not that we "expected a non-empty list of values", but that the state of the world changed between our previous configset invocation, no?