git/tag.c, branch v2.26.1

commit, tag: don't set parsed bit for parse failures

2019-10-28T05:04:49Z

If we can't parse a commit, then parse_commit() will return an error code. But it _also_ sets the "parsed" flag, which tells us not to bother trying to re-parse the object. That means that subsequent parses have no idea that the information in the struct may be bogus. I.e., doing this: parse_commit(commit); ... if (parse_commit(commit) < 0) die("commit is broken"); will never trigger the die(). The second parse_commit() will see the "parsed" flag and quietly return success. There are two obvious ways to fix this: 1. Stop setting "parsed" until we've successfully parsed. 2. Keep a second "corrupt" flag to indicate that we saw an error (and when the parsed flag is set, return 0/-1 depending on the corrupt flag). This patch does option 1. The obvious downside versus option 2 is that we might continually re-parse a broken object. But in practice, corruption like this is rare, and we typically die() or return an error in the caller. So it's OK not to worry about optimizing for corruption. And it's much simpler: we don't need to use an extra bit in the object struct, and callers which check the "parsed" flag don't need to learn about the corrupt bit, too. There's no new test here, because this case is already covered in t5318. Note that we do need to update the expected message there, because we now detect the problem in the return from "parse_commit()", and not with a separate check for a NULL tree. In fact, we can now ditch that explicit tree check entirely, as we're covered robustly by this change (and the previous recent change to treat a NULL tree as a parse error). We'll also give tags the same treatment. I don't know offhand of any cases where the problem can be triggered (it implies somebody ignoring a parse error earlier in the process), but consistently returning an error should cause the least surprise. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

parse_tag_buffer(): treat NULL tag pointer as parse error

2019-10-21T02:15:23Z

When parsing a tag, we may end up with a NULL "tagged" field when there's a type mismatch (e.g., the tag claims to point to object X as a commit, but we previously saw X as a blob in the same process), but we do not otherwise indicate a parse failure to the caller. This is similar to the case discussed in the previous commit, where a commit could end up with a NULL tree field: while slightly convenient for callers who want to overlook a corrupt object, it means that normal callers have to explicitly deal with this case (rather than just relying on the return code from parsing). And most don't, leading to segfault fixes like the one in c77722b3ea (use get_tagged_oid(), 2019-09-05). Let's address this more centrally, by returning an error code from the parse itself, which most callers would already notice (adventurous callers are free to ignore the error and continue looking at the struct). This also covers the case where the tag contains a nonsensical "type" field (there we produced a user-visible error but still returned success to the caller; now we'll produce a slightly better message and return an error). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

tag: factor out get_tagged_oid()

2019-09-05T21:10:18Z

Add a function for accessing the ID of the object referenced by a tag safely, i.e. without causing a segfault when encountering a broken tag where ->tagged is NULL. Signed-off-by: René Scharfe Signed-off-by: Junio C Hamano

object: convert create_object() to use object_id

2019-06-20T17:20:51Z

There are no callers left of create_object() that aren't just passing us the "hash" member of a "struct object_id". Let's take the whole struct, which gets us closer to removing all raw sha1 variables. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

object: convert lookup_object() to use object_id

2019-06-20T17:18:09Z

There are no callers left of lookup_object() that aren't just passing us the "hash" member of a "struct object_id". Let's take the whole struct, which gets us closer to removing all raw sha1 variables. It also matches the existing conversions of lookup_blob(), etc. The conversions of callers were done by hand, but they're all mechanical one-liners. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

tag: express constant in terms of the_hash_algo

2018-10-15T03:53:16Z

Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano

Merge branch 'jt/tags-to-promised-blobs-fix'

2018-08-02T22:30:46Z

The lazy clone support had a few places where missing but promised objects were not correctly tolerated, which have been fixed. * jt/tags-to-promised-blobs-fix: tag: don't warn if target is missing but promised revision: tolerate promised targets of tags

tag: don't warn if target is missing but promised

2018-07-16T19:56:14Z

deref_tag() prints a warning if the object that a tag refers to does not exist. However, when a partial clone has an annotated tag from its promisor remote, but not the object that it refers to, printing a warning on such a tag is incorrect. This occurs, for example, when the checkout that happens after a partial clone causes some objects to be fetched - and as part of the fetch, all local refs are read. The test included in this patch demonstrates this situation. Therefore, do not print a warning in this case. Signed-off-by: Jonathan Tan Signed-off-by: Junio C Hamano

tag.c: allow deref_tag to handle arbitrary repositories

2018-06-29T17:43:40Z

Signed-off-by: Stefan Beller Signed-off-by: Junio C Hamano

tag: allow parse_tag_buffer to handle arbitrary repositories

2018-06-29T17:43:39Z

Signed-off-by: Stefan Beller Signed-off-by: Junio C Hamano