Re: [PATCH 1/3] pack-objects: fix tree_depth and layer invariants
- Date: Wed, 21 Nov 2018 13:52:13 +0900
- From: Junio C Hamano <gitster@xxxxxxxxx>
- Subject: Re: [PATCH 1/3] pack-objects: fix tree_depth and layer invariants
Jeff King <peff@xxxxxxxx> writes:
> But in (b), we use the number of stored objects, _not_ the allocated
> size of the objects array. So we can run into a situation like this:
>
>   1. packlist_alloc() needs to store the Nth object, so it grows the
>      objects array to M, where M > N.
>
>   2. oe_set_tree_depth() wants to store a depth, so it allocates an
>      array of length N. Now we've violated our invariant.
>
>   3. packlist_alloc() needs to store the N+1th object. But it _doesn't_
>      grow the objects array, since N <= M still holds. We try to assign
>      to tree_depth[N+1], which is out of bounds.
Ouch. I see counting and allocating is hard (I think I spotted a
bug in another area that comes from the same "count while filtering
and then allocate" pattern during this cycle). Thanks for spotting.
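
The allocation mismatch discussed in this message, as an added example that is not code from the thread or from git: a simplified C model (all struct and function names are hypothetical) in which a lazily allocated side array is sized either by the stored count N or by the allocated capacity M. The buggy variant's out-of-range store is refused rather than performed, so the program stays well-defined.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model with hypothetical names; not git's code. */
struct packlist {
    size_t nr_objects, nr_alloc; /* N stored, M slots allocated */
    unsigned *tree_depth;        /* side array, NULL until first use */
    size_t depth_len;            /* tracked so the invariant is checkable */
};

/* Reserve the next slot; on growth, resize the side array to match M. */
static size_t list_add(struct packlist *p)
{
    if (p->nr_objects >= p->nr_alloc) {
        size_t m = (p->nr_alloc + 16) * 3 / 2;
        if (p->tree_depth) {
            unsigned *t = realloc(p->tree_depth, m * sizeof(*t));
            if (!t) abort();
            memset(t + p->depth_len, 0, (m - p->depth_len) * sizeof(*t));
            p->tree_depth = t;
            p->depth_len = m;
        }
        p->nr_alloc = m;
    }
    return p->nr_objects++;
}

/* Lazy allocation: by_count=1 sizes by N (the bug), 0 sizes by M. */
static int set_depth(struct packlist *p, size_t i, unsigned d, int by_count)
{
    if (!p->tree_depth) {
        p->depth_len = by_count ? p->nr_objects : p->nr_alloc;
        p->tree_depth = calloc(p->depth_len, sizeof(*p->tree_depth));
        if (!p->tree_depth) abort();
    }
    if (i >= p->depth_len) return -1; /* would be an out-of-bounds store */
    p->tree_depth[i] = d;
    return 0;
}

/* Steps 1-3 above; 1 if step 3 stays in bounds and the invariant holds. */
static int scenario(int by_count)
{
    struct packlist p = {0};
    set_depth(&p, list_add(&p), 1, by_count);           /* steps 1 and 2 */
    int ok = !set_depth(&p, list_add(&p), 2, by_count); /* step 3 */
    ok = ok && p.depth_len >= p.nr_alloc;
    free(p.tree_depth);
    return ok;
}
```

`scenario(1)` sizes the side array by N and fails at step 3; `scenario(0)` sizes it by M and succeeds.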