Don't ever return corrupt objects from "parse_object()"

Looking at the SHA1 validation code due to the corruption that Alexander
Litvinov is seeing under Cygwin, I notice that one of the most central
places where we read objects, we actually do end up verifying the SHA1 of
the result, but then we happily parse it anyway.

And using "printf" to write the error message means that it not only can
get lost, but will actually mess up stdout, and cause other strange and
hard-to-debug failures downstream.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/object.c b/object.c
index 5b468893421794c50741ce9085c12bc41fb1985f..78a44a6ef4e4823487861c9173f3db4a3fb76e3a 100644 (file)
--- a/object.c
+++ b/object.c
@@ -184,8 +184,10 @@ struct object *parse_object(const unsigned char *sha1)
 
        if (buffer) {
                struct object *obj;
-               if (check_sha1_signature(sha1, buffer, size, typename(type)) < 0)
-                       printf("sha1 mismatch %s\n", sha1_to_hex(sha1));
+               if (check_sha1_signature(sha1, buffer, size, typename(type)) < 0) {
+                       error("sha1 mismatch %s\n", sha1_to_hex(sha1));
+                       return NULL;
+               }
 
                obj = parse_object_buffer(sha1, type, size, buffer, &eaten);
                if (!eaten)