From 7c3fd25dcf2a23ed43bae2ba23a46edab4644a9f Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Tue, 15 Jan 2008 16:12:33 -0800 Subject: [PATCH] Make builtin-commit.c more careful about parenthood When creating the commit object, be a whole lot more careful about making sure that the parent lines really are valid parent lines. Check things like MERGE_HEAD having proper SHA1 lines in it, and double-check that all the parents exist and are actually commits. Signed-off-by: Linus Torvalds Signed-off-by: Junio C Hamano --- builtin-commit.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/builtin-commit.c b/builtin-commit.c index 16345e9b9..49541c058 100644 --- a/builtin-commit.c +++ b/builtin-commit.c @@ -756,6 +756,17 @@ static const char commit_utf8_warn[] = "You may want to amend it after fixing the message, or set the config\n" "variable i18n.commitencoding to the encoding your project uses.\n"; +static void add_parent(struct strbuf *sb, const unsigned char *sha1) +{ + struct object *obj = parse_object(sha1); + const char *parent = sha1_to_hex(sha1); + if (!obj) + die("Unable to find commit parent %s", parent); + if (obj->type != OBJ_COMMIT) + die("Parent %s isn't a proper commit", parent); + strbuf_addf(sb, "parent %s\n", parent); +} + int cmd_commit(int argc, const char **argv, const char *prefix) { int header_len; @@ -818,21 +829,24 @@ int cmd_commit(int argc, const char **argv, const char *prefix) die("could not parse HEAD commit"); for (c = commit->parents; c; c = c->next) - strbuf_addf(&sb, "parent %s\n", - sha1_to_hex(c->item->object.sha1)); + add_parent(&sb, c->item->object.sha1); } else if (in_merge) { struct strbuf m; FILE *fp; reflog_msg = "commit (merge)"; - strbuf_addf(&sb, "parent %s\n", sha1_to_hex(head_sha1)); + add_parent(&sb, head_sha1); strbuf_init(&m, 0); fp = fopen(git_path("MERGE_HEAD"), "r"); if (fp == NULL) die("could not open %s for reading: %s", git_path("MERGE_HEAD"), strerror(errno)); - while (strbuf_getline(&m, fp, '\n') != EOF) - strbuf_addf(&sb, "parent %s\n", m.buf); + while (strbuf_getline(&m, fp, '\n') != EOF) { + unsigned char sha1[20]; + if (get_sha1_hex(m.buf, sha1) < 0) + die("Corrupt MERGE_HEAD file (%s)", m.buf); + add_parent(&sb, sha1); + } fclose(fp); strbuf_release(&m); } else { -- 2.30.2