When we cannot generate a delta, we return NULL but leave delta_size
untouched. This is generally OK, as callers rely on NULL to decide if
the output is usable or not. But it can confuse compilers; in
particular, gcc 9.2.1 with "-flto -O3" complains in fast-import's
store_object() that delta_len may be used uninitialized.

Let's change the diff-delta code to set the size explicitly to 0 for a
NULL return. That silences the compiler and makes it easier to reason
about the result.

Reported-by: Stephan Beyer <s-be...@gmx.net>
Helped-by: Junio C Hamano <gits...@pobox.com>
Signed-off-by: Jeff King <p...@peff.net>
---
I suspect this same pattern of "if we return error, out-parameters are
undefined" is used in a lot of other functions, too. And I wouldn't
necessarily want to go around changing all of them. But the fact that
this tickles the compiler makes me think it's worthwhile.

 diff-delta.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/diff-delta.c b/diff-delta.c
index e49643353b..77fea08dfb 100644
--- a/diff-delta.c
+++ b/diff-delta.c
@@ -326,6 +326,8 @@ create_delta(const struct delta_index *index,
        const unsigned char *ref_data, *ref_top, *data, *top;
        unsigned char *out;
 
+       *delta_size = 0;
+
        if (!trg_buf || !trg_size)
                return NULL;
 
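Review bot: the new contract (delta_size is 0 whenever create_delta() returns NULL) is only visible inside diff-delta.c; the diffstat shows no change to the header, so the prototype comment for create_delta() still describes delta_size only as the output length. Since the point of the change is to let callers such as fast-import's store_object() reason about the result, the "set to 0 on NULL return" guarantee belongs in the declaration's comment too, and the same note could call out that the assignment is placed before the first early return so every NULL path below it inherits the zero, provided none of them writes a nonzero size before bailing out.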
-- 
2.23.0.463.g883b23b1c5
