Error instead of triggering a segfault in git archive --remote=""

[emilyyyylime]

cc: Patrick Steinhardt [email protected]

[gitgitgadget]

Welcome to GitGitGadget

Hi @emilyyyylime, and welcome to GitGitGadget, the GitHub App to send patch series to the Git mailing list from GitHub Pull Requests.

Please make sure that either:

• Your Pull Request has a good description, if it consists of multiple commits, as it will be used as cover letter.
• Your Pull Request description is empty, if it consists of a single commit, as the commit message should be descriptive enough by itself.

You can CC potential reviewers by adding a footer to the PR description with the following syntax:

CC: Revi Ewer <[email protected]>, Ill Takalook <[email protected]>

NOTE: DO NOT copy/paste your CC list from a previous GGG PR's description,
because it will result in a malformed CC list on the mailing list. See
example.

Also, it is a good idea to review the commit messages one last time, as the Git project expects them in a quite specific form:

• the lines should not exceed 76 columns,
• the first line should be like a header and typically start with a prefix like "tests:" or "revisions:" to state which subsystem the change is about, and
• the commit messages' body should be describing the "why?" of the change.
• Finally, the commit messages should end in a Signed-off-by: line matching the commits' author.

It is in general a good idea to await the automated test ("Checks") in this Pull Request before contributing the patches, e.g. to avoid trivial issues such as unportable code.

Contributing the patches

Before you can contribute the patches, your GitHub username needs to be added to the list of permitted users. Any already-permitted user can do that, by adding a comment to your PR of the form /allow. A good way to find other contributors is to locate recent pull requests where someone has been /allowed:

• Search: is:pr is:open "/allow"

Both the person who commented /allow and the PR author are able to /allow you.

An alternative is the channel #git-devel on the Libera Chat IRC network:

<newcontributor> I've just created my first PR, could someone please /allow me? https://github.com/gitgitgadget/git/pull/12345
<veteran> newcontributor: it is done
<newcontributor> thanks!

Once on the list of permitted usernames, you can contribute the patches to the Git mailing list by adding a PR comment /submit.

If you want to see what email(s) would be sent for a /submit request, add a PR comment /preview to have the email(s) sent to you. You must have a public GitHub email address for this. Note that any reviewers CC'd via the list in the PR description will not actually be sent emails.

After you submit, GitGitGadget will respond with another comment that contains the link to the cover letter mail in the Git mailing list archive. Please make sure to monitor the discussion in that thread and to address comments and suggestions (while the comments and suggestions will be mirrored into the PR by GitGitGadget, you will still want to reply via mail).

If you do not want to subscribe to the Git mailing list just to be able to respond to a mail, you can download the mbox from the Git mailing list archive (click the (raw) link), then import it into your mail program. If you use GMail, you can do this via:

curl -g --user "<EMailAddress>:<Password>" \
    --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt

To iterate on your change, i.e. send a revised patch or patch series, you will first want to (force-)push to the same branch. You probably also want to modify your Pull Request description (or title). It is a good idea to summarize the revision by adding something like this to the cover letter (read: by editing the first comment on the PR, i.e. the PR description):

Changes since v1:
- Fixed a typo in the commit message (found by ...)
- Added a code comment to ... as suggested by ...
...

To send a new iteration, just add another PR comment with the contents: /submit.

Need help?

New contributors who want advice are encouraged to join [email protected], where volunteers who regularly contribute to Git are willing to answer newbie questions, give advice, or otherwise provide mentoring to interested contributors. You must join in order to post or view messages, but anyone can join.

You may also be able to find help in real time in the developer IRC channel, #git-devel on Libera Chat. Remember that IRC does not support offline messaging, so if you send someone a private message and log out, they cannot respond to you. The scrollback of #git-devel is archived, though.

[Ikke]

/allow

[gitgitgadget]

User emilyyyylime is now allowed to use GitGitGadget.

[gitgitgadget]

There are issues in commit 668500b:
archive: Error instead of triggering a segfault in git archive --remote=""``
Prefixed commit message must be in lower case

[emilyyyylime]

/submit

[gitgitgadget]

Submitted as [email protected]

To fetch this version into FETCH_HEAD:

git fetch https://github.com/gitgitgadget/git/ pr-1877/emilyyyylime/fix-archive-remote-segfault-v1

To fetch this version to local tag pr-1877/emilyyyylime/fix-archive-remote-segfault-v1:

git fetch --no-tags https://github.com/gitgitgadget/git/ tag pr-1877/emilyyyylime/fix-archive-remote-segfault-v1

[gitgitgadget]

On the Git mailing list, Patrick Steinhardt wrote (reply to this):

On Sun, Mar 09, 2025 at 10:12:35AM +0000, emilylime via GitGitGadget wrote:
> From: emilylime <[email protected]>

This is missing a bit of a description:

    - What is the observed bug?
    - When does the bug trigger?
    - Optional: since when does the bug exist?
    - How do we fix it?
    - Optional: are there alternative ways to fix this bug that you have
      considered but found to be less optimal.

> Signed-off-by: emilylime <[email protected]>

We usually prefer people to sign off with their full name.

> diff --git a/builtin/archive.c b/builtin/archive.c
> index 13ea7308c8b..b6fdbfc7dca 100644
> --- a/builtin/archive.c
> +++ b/builtin/archive.c
> @@ -97,6 +97,10 @@ int cmd_archive(int argc,
>  	argc = parse_options(argc, argv, prefix, local_opts, NULL,
>  			     PARSE_OPT_KEEP_ALL);
>  
> +	if (remote && !remote[0]) {

Okay, so this triggers in case the user passes "--remote ''"?
I see that we ultimately pass the string to `remote_get()`, so does that
function segfault? If so, can other callers of that function segfault in
a similar way? In that case, we should probably address the issue deeper
down in the call stack.

> +		usage(N_("Option 'remote' may not be left empty"));

Error and usage strings should start with a lower-case letter.

> +	}

The curly braces aren't required.

It would also be nice to add a testcase, e.g. in "t/t5000-tar-tree.sh".

Thanks!

Patrick

[gitgitgadget]

User Patrick Steinhardt <[email protected]> has been added to the cc: list.

[gitgitgadget]

On the Git mailing list, Junio C Hamano wrote (reply to this):

"emilylime via GitGitGadget" <[email protected]> writes:

> From: emilylime <[email protected]>

Here is a place to explain what the change is about, how to
reproduce and observe the symptom, why the current code behaves the
undesirable way, etc. and then propose how to fix it.

> Signed-off-by: emilylime <[email protected]>

Documentation/SubmittingPatches:[[real-name]]?

> ---
>     Error instead of triggering a segfault in git archive --remote=""
>
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1877%2Femilyyyylime%2Ffix-archive-remote-segfault-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1877/emilyyyylime/fix-archive-remote-segfault-v1
> Pull-Request: https://github.com/gitgitgadget/git/pull/1877
>
>  builtin/archive.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/builtin/archive.c b/builtin/archive.c
> index 13ea7308c8b..b6fdbfc7dca 100644
> --- a/builtin/archive.c
> +++ b/builtin/archive.c
> @@ -97,6 +97,10 @@ int cmd_archive(int argc,
>  	argc = parse_options(argc, argv, prefix, local_opts, NULL,
>  			     PARSE_OPT_KEEP_ALL);
>  
> +	if (remote && !remote[0]) {
> +		usage(N_("Option 'remote' may not be left empty"));
> +	}

Style--useless {braces} around a single-statement block.

Style--downcase "O" in "Option".

N_() merely marks the string for translation, but yields the string
as-is to the calling function (i.e. usage()).  You probably meant to
use _() instead.  

[gitgitgadget]

On the Git mailing list, Junio C Hamano wrote (reply to this):

Patrick Steinhardt <[email protected]> writes:

>> +	if (remote && !remote[0]) {
>
> Okay, so this triggers in case the user passes "--remote ''"?
> I see that we ultimately pass the string to `remote_get()`, so does that
> function segfault? If so, can other callers of that function segfault in
> a similar way? In that case, we should probably address the issue deeper
> down in the call stack.

A good thing to point out.  If remote_get() segfaults, that is a
grave bug.  If remote_get() returns a NULL for such a non-existent
remote, the code should be able to cope with it, or you found a bug.

In short, I agree with you that this may merely be sweeping a
problem under a rug, not addressing a real problem.

run_remote_archiver() seems to run remote_get() and use the returned
value (which could be NULL, if you named a remote nickname that you
do not even have) without validating when it calls transport_get(),
so that is probably where the problem lies.  If I were writing this
code path, I would probably make run_remote_archiver() take a pointer
to an instance of "struct remote", moving the call to remote_get()
to the caller's side, and deal with an error inside cmd_archive().

Thanks.