Web lists-archives.com

Re: [PATCH] refs: make sure we never pass NULL to hashcpy

Thomas Gummerer <t.gummerer@xxxxxxxxx> writes:

> gcc on arch linux (version 7.1.1) warns that a NULL argument is passed
> as the second parameter of memcpy.
> In file included from refs.c:5:0:
> refs.c: In function ‘ref_transaction_verify’:
> cache.h:948:2: error: argument 2 null where non-null expected [-Werror=nonnull]
>   memcpy(sha_dst, sha_src, GIT_SHA1_RAWSZ);
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from git-compat-util.h:165:0,
>                  from cache.h:4,
>                  from refs.c:5:
> /usr/include/string.h:43:14: note: in a call to function ‘memcpy’ declared here
>  extern void *memcpy (void *__restrict __dest, const void *__restrict __src,
>               ^~~~~~
> ...
> diff --git a/refs.c b/refs.c
> index ba22f4acef..d8c12a9c44 100644
> --- a/refs.c
> +++ b/refs.c
> @@ -896,10 +896,14 @@ struct ref_update *ref_transaction_add_update(
>  	update->flags = flags;
> -	if (flags & REF_HAVE_NEW)
> +	if (flags & REF_HAVE_NEW) {
> +		assert(new_sha1);
>  		hashcpy(update->new_oid.hash, new_sha1);
> -	if (flags & REF_HAVE_OLD)
> +	}
> +	if (flags & REF_HAVE_OLD) {
> +		assert(old_sha1);
>  		hashcpy(update->old_oid.hash, old_sha1);
> +	}

It is hugely annoying to see a halfway-intelligent compiler forces
you to add such pointless asserts.

The only way the compiler could error on this is by inferring the
fact that new_sha1/old_sha1 could be NULL by looking at the callsite
in ref_transaction_update() where these are used as conditionals to
set HAVE_NEW/HAVE_OLD that are passed.  Even if the compiler were
doing the whole-program analysis, the other two callsites of the
function pass the address of oid.hash[] in an oid structure so it
should know these won't be NULL.

Or is the compiler being really dumb and triggering an error for
every use of

	memcpy(dst, src, size);

that must now be written as

	memcpy(dst, src, size);

???  That would be doubly annoying.

I wonder if REF_HAVE_NEW/REF_HAVE_OLD are really needed in these
codepaths, though.  Perhaps we can instead declare !!new_sha1 means
we have the new side and rewrite the above part to

	if (new_sha1)
		hashcpy(update->new_oid.hash, new_sha1);

without an extra and totally pointless assert()?

>  	update->msg = xstrdup_or_null(msg);
>  	return update;
>  }