Make builtin-commit.c more careful about parenthood
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 16 Jan 2008 00:12:33 +0000 (16:12 -0800)
committerJunio C Hamano <gitster@pobox.com>
Wed, 16 Jan 2008 19:37:34 +0000 (11:37 -0800)
When creating the commit object, be a whole lot more careful about making
sure that the parent lines really are valid parent lines. Check things
like MERGE_HEAD having proper SHA1 lines in it, and double-check that all
the parents exist and are actually commits.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin-commit.c
index 16345e9b9332c0e42fb2e61c39dc0534db9f7f8e..49541c0583803e4a5ec1503c02d30147933a7a36 100644 (file)
@@ -756,6 +756,17 @@ static const char commit_utf8_warn[] =
 "You may want to amend it after fixing the message, or set the config\n"
 "variable i18n.commitencoding to the encoding your project uses.\n";
 
+static void add_parent(struct strbuf *sb, const unsigned char *sha1)
+{
+       struct object *obj = parse_object(sha1);
+       const char *parent = sha1_to_hex(sha1);
+       if (!obj)
+               die("Unable to find commit parent %s", parent);
+       if (obj->type != OBJ_COMMIT)
+               die("Parent %s isn't a proper commit", parent);
+       strbuf_addf(sb, "parent %s\n", parent);
+}
+
 int cmd_commit(int argc, const char **argv, const char *prefix)
 {
        int header_len;
@@ -818,21 +829,24 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
                        die("could not parse HEAD commit");
 
                for (c = commit->parents; c; c = c->next)
-                       strbuf_addf(&sb, "parent %s\n",
-                                     sha1_to_hex(c->item->object.sha1));
+                       add_parent(&sb, c->item->object.sha1);
        } else if (in_merge) {
                struct strbuf m;
                FILE *fp;
 
                reflog_msg = "commit (merge)";
-               strbuf_addf(&sb, "parent %s\n", sha1_to_hex(head_sha1));
+               add_parent(&sb, head_sha1);
                strbuf_init(&m, 0);
                fp = fopen(git_path("MERGE_HEAD"), "r");
                if (fp == NULL)
                        die("could not open %s for reading: %s",
                            git_path("MERGE_HEAD"), strerror(errno));
-               while (strbuf_getline(&m, fp, '\n') != EOF)
-                       strbuf_addf(&sb, "parent %s\n", m.buf);
+               while (strbuf_getline(&m, fp, '\n') != EOF) {
+                       unsigned char sha1[20];
+                       if (get_sha1_hex(m.buf, sha1) < 0)
+                               die("Corrupt MERGE_HEAD file (%s)", m.buf);
+                       add_parent(&sb, sha1);
+               }
                fclose(fp);
                strbuf_release(&m);
        } else {