Re: [PATCH] refs: make sure we never pass NULL to hashcpy

Tue, 05 Sep 2017 18:26:56 -0700 

Thomas Gummerer <[email protected]> writes:

> gcc on arch linux (version 7.1.1) warns that a NULL argument is passed
> as the second parameter of memcpy.
>
> In file included from refs.c:5:0:
> refs.c: In function ‘ref_transaction_verify’:
> cache.h:948:2: error: argument 2 null where non-null expected 
> [-Werror=nonnull]
>   memcpy(sha_dst, sha_src, GIT_SHA1_RAWSZ);
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from git-compat-util.h:165:0,
>                  from cache.h:4,
>                  from refs.c:5:
> /usr/include/string.h:43:14: note: in a call to function ‘memcpy’ declared 
> here
>  extern void *memcpy (void *__restrict __dest, const void *__restrict __src,
>               ^~~~~~
> ...
> diff --git a/refs.c b/refs.c
> index ba22f4acef..d8c12a9c44 100644
> --- a/refs.c
> +++ b/refs.c
> @@ -896,10 +896,14 @@ struct ref_update *ref_transaction_add_update(
>  
>       update->flags = flags;
>  
> -     if (flags & REF_HAVE_NEW)
> +     if (flags & REF_HAVE_NEW) {
> +             assert(new_sha1);
>               hashcpy(update->new_oid.hash, new_sha1);
> -     if (flags & REF_HAVE_OLD)
> +     }
> +     if (flags & REF_HAVE_OLD) {
> +             assert(old_sha1);
>               hashcpy(update->old_oid.hash, old_sha1);
> +     }

It is hugely annoying to see a halfway-intelligent compiler forces
you to add such pointless asserts.

The only way the compiler could error on this is by inferring the
fact that new_sha1/old_sha1 could be NULL by looking at the callsite
in ref_transaction_update() where these are used as conditionals to
set HAVE_NEW/HAVE_OLD that are passed.  Even if the compiler were
doing the whole-program analysis, the other two callsites of the
function pass the address of oid.hash[] in an oid structure so it
should know these won't be NULL.

Or is the compiler being really dumb and triggering an error for
every use of

        memcpy(dst, src, size);

that must now be written as

        assert(src);
        memcpy(dst, src, size);

???  That would be doubly annoying.

I wonder if REF_HAVE_NEW/REF_HAVE_OLD are really needed in these
codepaths, though.  Perhaps we can instead declare !!new_sha1 means
we have the new side and rewrite the above part to

        if (new_sha1)
                hashcpy(update->new_oid.hash, new_sha1);

without an extra and totally pointless assert()?

>       update->msg = xstrdup_or_null(msg);
>       return update;
>  }

Reply via email to