From f62e0a39b69c2752b92f01bb05a6676639f46a65 Mon Sep 17 00:00:00 2001 From: Jonathan Nieder Date: Mon, 19 Apr 2010 03:03:03 -0500 Subject: [PATCH 1/2] t5704 (bundle): add tests for bundle --stdin As long as no rev-list arguments are supplied on the command line, git bundle create --stdin currently segfaults. With added rev-list arguments, it does not segfault, but the revisions from stdin are ignored. Thanks to Joey Hess for the report. Signed-off-by: Jonathan Nieder Signed-off-by: Junio C Hamano --- t/t5704-bundle.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/t/t5704-bundle.sh b/t/t5704-bundle.sh index a8f4419e61..ddc3dc52f4 100755 --- a/t/t5704-bundle.sh +++ b/t/t5704-bundle.sh @@ -30,4 +30,20 @@ test_expect_success 'tags can be excluded by rev-list options' ' ' +test_expect_failure 'bundle --stdin' ' + + echo master | git bundle create stdin-bundle.bdl --stdin && + git ls-remote stdin-bundle.bdl >output && + grep master output + +' + +test_expect_failure 'bundle --stdin ' ' + + echo master | git bundle create hybrid-bundle.bdl --stdin tag && + git ls-remote hybrid-bundle.bdl >output && + grep master output + +' + test_done From 97a20eea199f490760cc25b1b7df28361f54e536 Mon Sep 17 00:00:00 2001 
From: Jonathan Nieder Date: Mon, 19 Apr 2010 03:03:40 -0500 Subject: [PATCH 2/2] fix "bundle --stdin" segfault MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When passed an empty list, objects_array_remove_duplicates() corrupts it by changing the number of entries from 0 to 1. The problem lies in the condition of its main loop: for (ref = 0; ref < array->nr - 1; ref++) { The loop body manipulates the supplied object array. In the case of an empty array, it should not be doing anything at all. But array->nr is an unsigned quantity, so the code enters the loop, in particular increasing array->nr. Fix this by comparing (ref + 1 < array->nr) instead. This bug can be triggered by git bundle --stdin: $ echo HEAD | git bundle create some.bundle --stdin’ Segmentation fault (core dumped) The list of commits to bundle appears to be empty because of another bug: by the time the revision-walking machinery gets to look at it, standard input has already been consumed by rev-list, so this function gets an empty list of revisions. After this patch, git bundle --stdin still does not work; it just doesn’t segfault any more. Reported-by: Joey Hess Signed-off-by: Jonathan Nieder Signed-off-by: Junio C Hamano --- object.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/object.c b/object.c index 3ca92c4c4d..277b3ddba7 100644 --- a/object.c +++ b/object.c @@ -252,10 +252,10 @@ void add_object_array_with_mode(struct object *obj, const char *name, struct obj void object_array_remove_duplicates(struct object_array *array) { - int ref, src, dst; + unsigned int ref, src, dst; struct object_array_entry *objects = array->objects; - for (ref = 0; ref < array->nr - 1; ref++) { + for (ref = 0; ref + 1 < array->nr; ref++) { for (src = ref + 1, dst = src; src < array->nr; src++) {
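Review bot: In the t/t5704-bundle.sh hunk of patch 1/2, the second test's title, 'bundle --stdin ', differs from the first test's title only by a trailing space, so the two cannot be told apart in test output. Give it a title that names what it covers, which from its body is --stdin combined with a revision argument (tag) on the command line. Both tests also end with an unanchored grep master output, which would match any ref whose name merely contains "master"; matching the full ref name would make the check stricter.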
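Review bot: In the object.c hunk of patch 2/2, the new loop condition for (ref = 0; ref + 1 < array->nr; ref++) carries no comment saying why it is written in that form, so a later cleanup could turn it back into ref < array->nr - 1 and reintroduce the wraparound on an empty array that the commit message describes. A one-line comment at the loop noting that array->nr is unsigned and may be 0 would guard against that. The commit message also calls the function objects_array_remove_duplicates(), while the hunk shows object_array_remove_duplicates(). Finally, since the message says bundle --stdin still does not work after this patch, the tests from 1/2 stay marked test_expect_failure and nothing visible here exercises the empty-array case directly.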