diff options
author | Jeff King <peff@peff.net> | 2019-09-15 12:51:56 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-09-16 12:47:51 -0700 |
commit | a4cafc737916c2df5a52875cb1d0976662e3ab0e (patch) | |
tree | b72a97006bc1b19b1007d92955f9cf1943849b96 /t/t3305-notes-fanout.sh | |
parent | list-objects-filter: give a more specific error sparse parsing error (diff) | |
download | tgif-a4cafc737916c2df5a52875cb1d0976662e3ab0e.tar.xz |
list-objects-filter: use empty string instead of NULL for sparse "base"
We use add_excludes_from_blob_to_list() to parse a sparse blob. Since
we don't have a base path, we pass NULL and 0 for the base and baselen,
respectively. But the rest of the exclude code passes a literal empty
string instead of NULL for this case. And indeed, we eventually end up
with match_pathname() calling fspathncmp(), which then calls the system
strncmp(path, base, baselen).
This works on many platforms, which notice that baselen is 0 and do not
look at the bytes of "base" at all. But it does violate the C standard,
and building with SANITIZE=undefined will complain. You can also see it
by instrumenting fspathncmp like this:
diff --git a/dir.c b/dir.c
index d021c908e5..4bb3d3ec96 100644
--- a/dir.c
+++ b/dir.c
@@ -71,6 +71,8 @@ int fspathcmp(const char *a, const char *b)
int fspathncmp(const char *a, const char *b, size_t count)
{
+ if (!a || !b)
+ BUG("null fspathncmp arguments");
return ignore_case ? strncasecmp(a, b, count) : strncmp(a, b, count);
}
We could perhaps be more defensive in match_pathname(), but even if we
did so, it makes sense for this code to match the rest of the exclude
callers.
Signed-off-by: Jeff King <peff@peff.net>
Acked-by: Jeff Hostetler <jeffhost@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t3305-notes-fanout.sh')
0 files changed, 0 insertions, 0 deletions