author | Jeff King <peff@peff.net> | 2017-09-27 02:00:28 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-27 15:45:24 +0900 |
commit | 61d36330b422237b6be9581cdbade07782ab61a8 (patch) | |
tree | 3992d5a85c03b6d88924c10f7a79b252e44c36be | |
parent | a1f3515da74504db0a046759d9ac1615a1d5f4b8 (diff) | |
download | git-61d36330b422237b6be9581cdbade07782ab61a8.tar.gz |
prefer "!=" when checking read_in_full() result

Comparing the result of read_in_full() using less-than is
potentially dangerous, as a negative return value may be
converted to an unsigned type and be considered a success.
This is discussed further in 561598cfcf (read_pack_header:
handle signed/unsigned comparison in read result,
2017-09-13).

Each of these instances is actually fine in practice:

- in get-tar-commit-id, the HEADERSIZE macro expands to a
  signed integer. If it were switched to an unsigned type
  (e.g., a size_t), then it would be a bug.

- the other two callers check for a short read only after
  handling a negative return separately. This is a fine
  practice, but we'd prefer to model "!=" as a general
  rule.

So all of these cases can be considered cleanups and not
actual bugfixes.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
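
The comparison pitfall the commit message describes, as an added example that is not code from git or from this commit. The function names, the `verdict` enum and the sample values are hypothetical; the casts spell out the conversion a compiler applies implicitly when an `ssize_t` result is compared with a `size_t` length.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>	/* ssize_t */

enum verdict { READ_OK, READ_FAILED };

/*
 * "ret < want" with an unsigned want. A result of -1 converts to
 * SIZE_MAX, which is never less than want, so the error is accepted.
 */
static enum verdict check_less_than(ssize_t ret, size_t want)
{
	return ((size_t)ret < want) ? READ_FAILED : READ_OK;
}

/* "ret != want": the same conversion happens, but SIZE_MAX != want. */
static enum verdict check_not_equal(ssize_t ret, size_t want)
{
	return ((size_t)ret != want) ? READ_FAILED : READ_OK;
}

/* Two-step form: reject a negative result first, then a short read. */
static enum verdict check_two_step(ssize_t ret, size_t want)
{
	if (ret < 0)
		return READ_FAILED;
	return ((size_t)ret < want) ? READ_FAILED : READ_OK;
}

int main(void)
{
	const size_t want = 512;			/* constructed request size */
	const ssize_t results[] = { -1, 100, 512 };	/* error, short, full */
	size_t i;

	for (i = 0; i < sizeof(results) / sizeof(results[0]); i++)
		printf("ret=%4ld  less-than:%d  not-equal:%d  two-step:%d\n",
		       (long)results[i],
		       check_less_than(results[i], want),
		       check_not_equal(results[i], want),
		       check_two_step(results[i], want));
	return 0;
}
```
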
-rw-r--r-- | builtin/get-tar-commit-id.c | 2 |
-rw-r--r-- | csum-file.c | 2 |
-rw-r--r-- | pkt-line.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/builtin/get-tar-commit-id.c b/builtin/get-tar-commit-id.c index 6d9a79f9b3..cd3e656828 100644 --- a/builtin/get-tar-commit-id.c +++ b/builtin/get-tar-commit-id.c @@ -26,7 +26,7 @@ int cmd_get_tar_commit_id(int argc, const char **argv, const char *prefix) usage(builtin_get_tar_commit_id_usage); n = read_in_full(0, buffer, HEADERSIZE); - if (n < HEADERSIZE) + if (n != HEADERSIZE) die("git get-tar-commit-id: read error"); if (header->typeflag[0] != 'g') return 1; diff --git a/csum-file.c b/csum-file.c index a172199e44..2adae04073 100644 --- a/csum-file.c +++ b/csum-file.c @@ -19,7 +19,7 @@ static void flush(struct sha1file *f, const void *buf, unsigned int count) if (ret < 0) die_errno("%s: sha1 file read error", f->name); - if (ret < count) + if (ret != count) die("%s: sha1 file truncated", f->name); if (memcmp(buf, check_buffer, count)) die("sha1 file '%s' validation error", f->name); diff --git a/pkt-line.c b/pkt-line.c index 647bbd3bce..93ea311443 100644 --- a/pkt-line.c +++ b/pkt-line.c @@ -258,7 +258,7 @@ static int get_packet_data(int fd, char **src_buf, size_t *src_size, } /* And complain if we didn't get enough bytes to satisfy the read. */ - if (ret < size) { + if (ret != size) { if (options & PACKET_READ_GENTLE_ON_EOF) return -1; |
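
Review bot: In builtin/get-tar-commit-id.c, the one `die("git get-tar-commit-id: read error")` under `if (n != HEADERSIZE)` reports a failed read and a truncated input with the same message and without errno. The csum-file.c hunk in this same patch keeps the two apart (`die_errno()` for `ret < 0`, then a "truncated" message for the short read); doing the same here would tell the user whether reading stdin failed or the archive was simply shorter than HEADERSIZE.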
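
Review bot: In csum-file.c, `if (ret != count)` still compares a signed value (ret is tested with `ret < 0` on the line above) against `unsigned int count`, so the result depends on an implicit conversion. It is correct here because the negative case has already died, but an explicit cast on one operand would document which conversion is intended and keep builds with -Wsign-compare quiet.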
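
Review bot: In pkt-line.c, the comment above `if (ret != size)` still says the branch fires when "we didn't get enough bytes", and the negative-return handling the commit message relies on is outside the context lines shown. With `!=` this branch is also what would catch a negative ret if that earlier check were ever dropped, and under PACKET_READ_GENTLE_ON_EOF it would then `return -1` as though it were a plain EOF. Consider extending the comment to say that error returns are handled above and only a short read is expected to reach this point.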