object API users + docs: check <0, not !0 with check_object_signature()

Change those users of the object API that misused
check_object_signature() by assuming it returned any non-zero when the
OID didn't match the expected value to check <0 instead. In practice
all of this code worked before, but it wasn't consistent with the rest
of the users of the API.

Let's also clarify what the <0 return value means in API docs.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/builtin/index-pack.c b/builtin/index-pack.c
index 0157437..416f60a 100644
--- a/builtin/index-pack.c
+++ b/builtin/index-pack.c
@@ -1412,9 +1412,8 @@ static void fix_unresolved_deltas(struct hashfile *f)
 		if (!data)
 			continue;
 
-		if (check_object_signature(the_repository, &d->oid,
-					   data, size,
-					   type_name(type), NULL))
+		if (check_object_signature(the_repository, &d->oid, data, size,
+					   type_name(type), NULL) < 0)
 			die(_("local object %s is corrupt"), oid_to_hex(&d->oid));
 
 		/*
diff --git a/builtin/mktag.c b/builtin/mktag.c
index 96a3686..98d1e66 100644
--- a/builtin/mktag.c
+++ b/builtin/mktag.c
@@ -97,7 +97,7 @@ int cmd_mktag(int argc, const char **argv, const char *prefix)
 				&tagged_oid, &tagged_type))
 		die(_("tag on stdin did not pass our strict fsck check"));
 
-	if (verify_object_in_tag(&tagged_oid, &tagged_type))
+	if (verify_object_in_tag(&tagged_oid, &tagged_type) < 0)
 		die(_("tag on stdin did not refer to a valid object"));
 
 	if (write_object_file(buf.buf, buf.len, OBJ_TAG, &result) < 0)
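Review bot: The narrowed test `verify_object_in_tag(&tagged_oid, &tagged_type) < 0` is on a different function from the check_object_signature() that the commit message and the cache.h comment describe, and its body is not in this hunk. If it simply forwards check_object_signature()'s result the change is fine; if any path returns a positive value on failure, mktag would now accept a tag that refers to an object it did not verify, where the old truthiness test rejected it. A short comment on its definition, for example `/* Returns 0 if the tagged object is valid, <0 otherwise. */`, would record the contract this call site depends on. cmd_mktag() starts and ends outside the hunk.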
diff --git a/cache.h b/cache.h
index 98d1ef0..5d08195 100644
--- a/cache.h
+++ b/cache.h
@@ -1324,6 +1324,9 @@ int parse_loose_header(const char *hdr, struct object_info *oi);
  * object name actually matches "oid" to detect object corruption.
  * With "buf" == NULL, try reading the object named with "oid" using
  * the streaming interface and rehash it to do the same.
+ *
+ * A negative value indicates an error, usually that the OID is not
+ * what we expected, but it might also indicate another error.
  */
 int check_object_signature(struct repository *r, const struct object_id *oid,
 			   void *buf, unsigned long size, const char *type,
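Review bot: The added comment documents only the negative case, so the contract still does not say that a match returns 0 or that a positive value is never returned. The callers touched in this commit (index-pack.c, object-file.c, pack-check.c, and mktag.c via verify_object_in_tag()) now treat every non-negative result as a verified object, whereas the old tests rejected any non-zero result. The commit message implies the function returns only 0 or a negative value today, but nothing in the documented contract stops a later positive return from making these hash checks pass silently. I would add a line such as `Returns 0 if the recomputed object name matches "oid"; never returns a positive value.` so the `< 0` tests are documented as equivalent to the old ones. The declaration continues past the end of the hunk.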
diff --git a/object-file.c b/object-file.c
index 44e0b32..d628f58 100644
--- a/object-file.c
+++ b/object-file.c
@@ -2613,7 +2613,7 @@ int read_loose_object(const char *path,
 		}
 		if (check_object_signature(the_repository, expected_oid,
 					   *contents, *size,
-					   oi->type_name->buf, real_oid))
+					   oi->type_name->buf, real_oid) < 0)
 			goto out;
 	}
 
diff --git a/pack-check.c b/pack-check.c
index 3f418e3..48d818e 100644
--- a/pack-check.c
+++ b/pack-check.c
@@ -143,7 +143,7 @@ static int verify_packfile(struct repository *r,
 				    oid_to_hex(&oid), p->pack_name,
 				    (uintmax_t)entries[i].offset);
 		else if (check_object_signature(r, &oid, data, size,
-						type_name(type), NULL))
+						type_name(type), NULL) < 0)
 			err = error("packed %s from %s is corrupt",
 				    oid_to_hex(&oid), p->pack_name);
 		else if (fn) {