From d859dcad945755ad7d3ada843eecf2843b3c5470 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 23 Jan 2020 12:28:17 +0000 Subject: [PATCH 1/3] parse_insn_line(): improve error message when parsing failed In the case that a `get_oid()` call failed, we showed some rather bogus part of the line instead of the precise string we sent to said function. That makes it rather hard for users to understand what is going wrong, so let's fix that. While at it, return a negative value from `parse_insn_line()` in case of an error, as per our convention. This function's only caller, `todo_list_parse_insn_buffer()`, cares only whether that return value is non-zero or not, i.e. does not need to be changed. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- sequencer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sequencer.c b/sequencer.c index b9dbf1adb0..7c30dad59c 100644 --- a/sequencer.c +++ b/sequencer.c @@ -2118,6 +2118,8 @@ static int parse_insn_line(struct repository *r, struct todo_item *item, saved = *end_of_object_name; *end_of_object_name = '\0'; status = get_oid(bol, &commit_oid); + if (status < 0) + error(_("could not parse '%s'"), bol); /* return later */ *end_of_object_name = saved; bol = end_of_object_name + strspn(end_of_object_name, " \t"); @@ -2125,11 +2127,10 @@ static int parse_insn_line(struct repository *r, struct todo_item *item, item->arg_len = (int)(eol - bol); if (status < 0) - return error(_("could not parse '%.*s'"), - (int)(end_of_object_name - bol), bol); + return status; item->commit = lookup_commit_reference(r, &commit_oid); - return !item->commit; + return item->commit ? 0 : -1; } int sequencer_get_last_command(struct repository *r, enum replay_action *action) From b6992261deb1c32e11998b19467ecd4d328ba049 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 23 Jan 2020 12:28:18 +0000 Subject: [PATCH 2/3] rebase -i: re-fix short SHA-1 collision In 66ae9a57b88 (t3404: rebase -i: demonstrate short SHA-1 collision, 2013-08-23), we added a test case that demonstrated how it is possible that a previously unambiguous short commit ID could become ambiguous *during* a rebase. In 75c69766554 (rebase -i: fix short SHA-1 collision, 2013-08-23), we fixed that problem simply by writing out the todo list with expanded commit IDs (except *right* before letting the user edit the todo list, in which case we shorten them, but we expand them right after the file was edited). However, the bug resurfaced as a side effect of 393adf7a6f6 (sequencer: directly call pick_commits() from complete_action(), 2019-11-24): as of this commit, the sequencer no longer re-reads the todo list after writing it out with expanded commit IDs. The only redeeming factor is that the todo list is already parsed at that stage, including all the commits corresponding to the commands, therefore the sequencer can continue even if the internal todo list has short commit IDs. That does not prevent problems, though: the sequencer writes out the `done` and `git-rebase-todo` files incrementally (i.e. overwriting the todo list with a version that has _short_ commit IDs), and if a merge conflict happens, or if an `edit` or a `break` command is encountered, a subsequent `git rebase --continue` _will_ re-read the todo list, opening an opportunity for the "short SHA-1 collision" bug again. To avoid that, let's make sure that we do expand the commit IDs in the todo list as soon as we have parsed it after letting the user edit it. Additionally, we improve the 'short SHA-1 collide' test case in t3404 to test specifically for the case where the rebase is resumed. We also hard-code the expected colliding short SHA-1s, to document the expectation (and to make it easier on future readers). Note that we specifically test that the short commit ID is used in the `git-rebase-todo.tmp` file: this file is created by the fake editor in the test script and reflects the state that would have been presented to the user to edit. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- sequencer.c | 11 ++++++++++- t/t3404-rebase-interactive.sh | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/sequencer.c b/sequencer.c index 7c30dad59c..5f69b47e32 100644 --- a/sequencer.c +++ b/sequencer.c @@ -5076,7 +5076,7 @@ int complete_action(struct repository *r, struct replay_opts *opts, unsigned fla { const char *shortonto, *todo_file = rebase_path_todo(); struct todo_list new_todo = TODO_LIST_INIT; - struct strbuf *buf = &todo_list->buf; + struct strbuf *buf = &todo_list->buf, buf2 = STRBUF_INIT; struct object_id oid = onto->object.oid; int res; @@ -5128,6 +5128,15 @@ int complete_action(struct repository *r, struct replay_opts *opts, unsigned fla return -1; } + /* Expand the commit IDs */ + todo_list_to_strbuf(r, &new_todo, &buf2, -1, 0); + strbuf_swap(&new_todo.buf, &buf2); + strbuf_release(&buf2); + new_todo.total_nr -= new_todo.nr; + if (todo_list_parse_insn_buffer(r, new_todo.buf.buf, &new_todo) < 0) + BUG("invalid todo list after expanding IDs:\n%s", + new_todo.buf.buf); + if (opts->allow_ff && skip_unnecessary_picks(r, &new_todo, &oid)) { todo_list_release(&new_todo); return error(_("could not skip unnecessary pick commands")); diff --git a/t/t3404-rebase-interactive.sh b/t/t3404-rebase-interactive.sh index ae6e55ce79..1cc9f36bc7 100755 --- a/t/t3404-rebase-interactive.sh +++ b/t/t3404-rebase-interactive.sh @@ -1264,13 +1264,24 @@ test_expect_success SHA1 'short SHA-1 setup' ' test_expect_success SHA1 'short SHA-1 collide' ' test_when_finished "reset_rebase && git checkout master" && git checkout collide && + colliding_sha1=6bcda37 && + test $colliding_sha1 = "$(git rev-parse HEAD | cut -c 1-7)" && ( unset test_tick && test_tick && set_fake_editor && FAKE_COMMIT_MESSAGE="collide2 ac4f2ee" \ - FAKE_LINES="reword 1 2" git rebase -i HEAD~2 - ) + FAKE_LINES="reword 1 break 2" git rebase -i HEAD~2 && + test $colliding_sha1 = "$(git rev-parse HEAD | cut -c 1-7)" && + grep "^pick $colliding_sha1 " \ + .git/rebase-merge/git-rebase-todo.tmp && + grep "^pick [0-9a-f]\{40\}" \ + .git/rebase-merge/git-rebase-todo && + git rebase --continue + ) && + collide2="$(git rev-parse HEAD~1 | cut -c 1-4)" && + collide3="$(git rev-parse collide3 | cut -c 1-4)" && + test "$collide2" = "$collide3" ' test_expect_success 'respect core.abbrev' ' From 26027625dd1ee358e2174a09d519252995d51662 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 23 Jan 2020 12:28:19 +0000 Subject: [PATCH 3/3] rebase -i: also avoid SHA-1 collisions with missingCommitsCheck When `rebase.missingCommitsCheck` is in effect, we use the backup of the todo list that was copied just before the user was allowed to edit it. That backup is, of course, just as susceptible to the hash collision as the todo list itself: a reworded commit could make a previously unambiguous short commit ID ambiguous all of a sudden. So let's not just copy the todo list, but let's instead write out the backup with expanded commit IDs. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- rebase-interactive.c | 8 +++++--- t/t3404-rebase-interactive.sh | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/rebase-interactive.c b/rebase-interactive.c index aa18ae82b7..1259adc8ea 100644 --- a/rebase-interactive.c +++ b/rebase-interactive.c @@ -104,9 +104,11 @@ int edit_todo_list(struct repository *r, struct todo_list *todo_list, -1, flags | TODO_LIST_SHORTEN_IDS | TODO_LIST_APPEND_TODO_HELP)) return error_errno(_("could not write '%s'"), todo_file); - if (initial && copy_file(rebase_path_todo_backup(), todo_file, 0666)) - return error(_("could not copy '%s' to '%s'."), todo_file, - rebase_path_todo_backup()); + if (initial && + todo_list_write_to_file(r, todo_list, rebase_path_todo_backup(), + shortrevisions, shortonto, -1, + (flags | TODO_LIST_APPEND_TODO_HELP) & ~TODO_LIST_SHORTEN_IDS) < 0) + return error(_("could not write '%s'."), rebase_path_todo_backup()); if (launch_sequence_editor(todo_file, &new_todo->buf, NULL)) return -2; diff --git a/t/t3404-rebase-interactive.sh b/t/t3404-rebase-interactive.sh index 1cc9f36bc7..b90ea0fe44 100755 --- a/t/t3404-rebase-interactive.sh +++ b/t/t3404-rebase-interactive.sh @@ -1277,6 +1277,8 @@ test_expect_success SHA1 'short SHA-1 collide' ' .git/rebase-merge/git-rebase-todo.tmp && grep "^pick [0-9a-f]\{40\}" \ .git/rebase-merge/git-rebase-todo && + grep "^pick [0-9a-f]\{40\}" \ + .git/rebase-merge/git-rebase-todo.backup && git rebase --continue ) && collide2="$(git rev-parse HEAD~1 | cut -c 1-4)" &&