Add a check to prevent max_children from being 0, which may cause potential divide-by-zero. #1975
Conversation
Welcome to GitGitGadgetHi @mugitya03, and welcome to GitGitGadget, the GitHub App to send patch series to the Git mailing list from GitHub Pull Requests. Please make sure that either:
You can CC potential reviewers by adding a footer to the PR description with the following syntax: NOTE: DO NOT copy/paste your CC list from a previous GGG PR's description, Also, it is a good idea to review the commit messages one last time, as the Git project expects them in a quite specific form:
It is in general a good idea to await the automated test ("Checks") in this Pull Request before contributing the patches, e.g. to avoid trivial issues such as unportable code. Contributing the patchesBefore you can contribute the patches, your GitHub username needs to be added to the list of permitted users. Any already-permitted user can do that, by adding a comment to your PR of the form Both the person who commented An alternative is the channel Once on the list of permitted usernames, you can contribute the patches to the Git mailing list by adding a PR comment If you want to see what email(s) would be sent for a After you submit, GitGitGadget will respond with another comment that contains the link to the cover letter mail in the Git mailing list archive. Please make sure to monitor the discussion in that thread and to address comments and suggestions (while the comments and suggestions will be mirrored into the PR by GitGitGadget, you will still want to reply via mail). If you do not want to subscribe to the Git mailing list just to be able to respond to a mail, you can download the mbox from the Git mailing list archive (click the curl -g --user "<EMailAddress>:<Password>" \
--url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txtTo iterate on your change, i.e. send a revised patch or patch series, you will first want to (force-)push to the same branch. You probably also want to modify your Pull Request description (or title). It is a good idea to summarize the revision by adding something like this to the cover letter (read: by editing the first comment on the PR, i.e. the PR description): To send a new iteration, just add another PR comment with the contents: Need help?New contributors who want advice are encouraged to join [email protected], where volunteers who regularly contribute to Git are willing to answer newbie questions, give advice, or otherwise provide mentoring to interested contributors. You must join in order to post or view messages, but anyone can join. You may also be able to find help in real time in the developer IRC channel, |
|
There are issues in commit beebfb5: |
|
/allow |
|
User mugitya03 is now allowed to use GitGitGadget. WARNING: mugitya03 has no public email address set on GitHub; GitGitGadget needs an email address to Cc: you on your contribution, so that you receive any feedback on the Git mailing list. Go to https://github.com/settings/profile to make your preferred email public to let GitGitGadget know which email address to use. |
|
/submit |
|
Error: Could not determine full name of mugitya03 |
|
/submit |
|
There are issues in commit beebfb5: |
|
/submit |
|
There are issues in commit b718ef5: |
1 similar comment
|
There are issues in commit b718ef5: |
In function fetch_multiple and fetch_submodules, `multiple` is stored in `opt.process` and later used as a divisor in function `pp_collect_finished`, creating a potential divide-by-zero if it remains zero. Signed-off-by: Alex Guo <[email protected]>
|
/submit |
|
Submitted as [email protected] To fetch this version into To fetch this version to local tag |
|
On the Git mailing list, Junio C Hamano wrote (reply to this): "Alex via GitGitGadget" <[email protected]> writes:
> From: jinyaoguo <[email protected]>
This name (i.e. the author ident when you do "git comimt") ...
>
> In function fetch_multiple and fetch_submodules, `multiple` is
> stored in `opt.process` and later used as a divisor in function
> `pp_collect_finished`, creating a potential divide-by-zero if it
> remains zero.
>
> Signed-off-by: Alex Guo <[email protected]>
... must match the name used here you sign your work off as.
Unless you are forwarding a patch that is signed-off by somebody
else, in which case, their sign-off comes first and then yours.
> diff --git a/builtin/fetch.c b/builtin/fetch.c
> index cda6eaf1fd6..b668187627a 100644
> --- a/builtin/fetch.c
> +++ b/builtin/fetch.c
> @@ -2591,7 +2591,7 @@ int cmd_fetch(int argc,
> die(_("--stdin can only be used when fetching "
> "from one remote"));
>
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.parallel;
>
> /* TODO should this also die if we have a previous partial-clone? */
> @@ -2613,9 +2613,9 @@ int cmd_fetch(int argc,
> struct strvec options = STRVEC_INIT;
> int max_children = max_jobs;
>
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.submodule_fetch_jobs;
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.parallel;
>
> add_options_to_argv(&options, &config);
>
> base-commit: 8613c2bb6cd16ef530dc5dd74d3b818a1ccbf1c0
I think you may have identified the right problem to fix, but I do
not know if the solution is correct.
If max_children can be 0 at this point due to loose parsing of the
end-user input, the config.parallel or config.submodule_fetch_jobs
configuration variables may be set to 0 due to the same kind of
loose parsing.
The command line parser parses -j0 as max_jobs==0 and then calls
online_cpus() to use. If the function returned 0 on a platform
whose online_cpus() implementation is buggy, max_children may be
initialized to 0 there. If fetch.parallel is given 0 by the user,
config.parallel gets value from online_cpus(), so it has the same
problem. submodule.fetchjobs has exactly the same issue in
submodule-config.c::parse_submodule_fetchjobs().
But otherwise, I see no plausible way to have max_children to be 0
here.
And if we want to protect a buggy online_cpus() that returns 0 or
negative, which probably is a good thing to do anyway, perhaps we
should do so at the source of the issue, perhaps like the attached
patch.
Or if you are trying to be defensive to withstand the change to
other parts of the code that may affect max_children coming into
this function, I think it is better to add
if (max_children <= 0)
max_children = 1;
before we enter the trace2_region that calls fetch_multiple() and
fetch_submodules().
Hmm?
thread-utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git c/thread-utils.c w/thread-utils.c
index 1f89ffab4c..a5d644bb38 100644
--- c/thread-utils.c
+++ w/thread-utils.c
@@ -36,7 +36,8 @@ int online_cpus(void)
#elif defined(hpux) || defined(__hpux) || defined(_hpux)
struct pst_dynamic psd;
- if (!pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0))
+ if (!pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0) &&
+ 0 < psd.psd_proc_cnt)
return (int)psd.psd_proc_cnt;
#elif defined(HAVE_BSD_SYSCTL) && defined(HW_NCPU)
int mib[2];
@@ -47,12 +48,14 @@ int online_cpus(void)
# ifdef HW_AVAILCPU
mib[1] = HW_AVAILCPU;
len = sizeof(cpucount);
- if (!sysctl(mib, 2, &cpucount, &len, NULL, 0))
+ if (!sysctl(mib, 2, &cpucount, &len, NULL, 0) &&
+ 0 < cpucount)
return cpucount;
# endif /* HW_AVAILCPU */
mib[1] = HW_NCPU;
len = sizeof(cpucount);
- if (!sysctl(mib, 2, &cpucount, &len, NULL, 0))
+ if (!sysctl(mib, 2, &cpucount, &len, NULL, 0) &&
+ 0 < cpucount)
return cpucount;
#endif /* defined(HAVE_BSD_SYSCTL) && defined(HW_NCPU) */
|
|
On the Git mailing list, Jinyao Guo wrote (reply to this): "Alex via GitGitGadget" <[email protected]> writes:
> From: jinyaoguo <[email protected]>
This name (i.e. the author ident when you do "git comimt") ...
>
> In function fetch_multiple and fetch_submodules, `multiple` is
> stored in `opt.process` and later used as a divisor in function
> `pp_collect_finished`, creating a potential divide-by-zero if it
> remains zero.
>
> Signed-off-by: Alex Guo <[email protected]>
... must match the name used here you sign your work off as.
Unless you are forwarding a patch that is signed-off by somebody
else, in which case, their sign-off comes first and then yours.
> diff --git a/builtin/fetch.c b/builtin/fetch.c
> index cda6eaf1fd6..b668187627a 100644
> --- a/builtin/fetch.c
> +++ b/builtin/fetch.c
> @@ -2591,7 +2591,7 @@ int cmd_fetch(int argc,
> die(_("--stdin can only be used when fetching "
> "from one remote"));
>
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.parallel;
>
> /* TODO should this also die if we have a previous partial-clone? */
> @@ -2613,9 +2613,9 @@ int cmd_fetch(int argc,
> struct strvec options = STRVEC_INIT;
> int max_children = max_jobs;
>
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.submodule_fetch_jobs;
> - if (max_children < 0)
> + if (max_children <= 0)
> max_children = config.parallel;
>
> add_options_to_argv(&options, &config);
>
> base-commit: 8613c2bb6cd16ef530dc5dd74d3b818a1ccbf1c0
I think you may have identified the right problem to fix, but I do
not know if the solution is correct.
If max_children can be 0 at this point due to loose parsing of the
end-user input, the config.parallel or config.submodule_fetch_jobs
configuration variables may be set to 0 due to the same kind of
loose parsing.
The command line parser parses -j0 as max_jobs==0 and then calls
online_cpus() to use. If the function returned 0 on a platform
whose online_cpus() implementation is buggy, max_children may be
initialized to 0 there. If fetch.parallel is given 0 by the user,
config.parallel gets value from online_cpus(), so it has the same
problem. submodule.fetchjobs has exactly the same issue in
submodule-config.c::parse_submodule_fetchjobs().
But otherwise, I see no plausible way to have max_children to be 0
here.
And if we want to protect a buggy online_cpus() that returns 0 or
negative, which probably is a good thing to do anyway, perhaps we
should do so at the source of the issue, perhaps like the attached
patch.
Or if you are trying to be defensive to withstand the change to
other parts of the code that may affect max_children coming into
this function, I think it is better to add
if (max_children <= 0)
max_children = 1;
before we enter the trace2_region that calls fetch_multiple() and
fetch_submodules().
Hmm?
thread-utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git c/thread-utils.c w/thread-utils.c
index 1f89ffab4c..a5d644bb38 100644
--- c/thread-utils.c
+++ w/thread-utils.c
@@ -36,7 +36,8 @@ int online_cpus(void)
#elif defined(hpux) || defined(__hpux) || defined(_hpux)
struct pst_dynamic psd;
- if (!pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0))
+ if (!pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0) &&
+ 0 < psd.psd_proc_cnt)
return (int)psd.psd_proc_cnt;
#elif defined(HAVE_BSD_SYSCTL) && defined(HW_NCPU)
int mib[2];
@@ -47,12 +48,14 @@ int online_cpus(void)
# ifdef HW_AVAILCPU
mib[1] = HW_AVAILCPU;
len = sizeof(cpucount);
- if (!sysctl(mib, 2, &cpucount, &len, NULL, 0))
+ if (!sysctl(mib, 2, &cpucount, &len, NULL, 0) &&
+ 0 < cpucount)
return cpucount;
# endif /* HW_AVAILCPU */
mib[1] = HW_NCPU;
len = sizeof(cpucount);
- if (!sysctl(mib, 2, &cpucount, &len, NULL, 0))
+ if (!sysctl(mib, 2, &cpucount, &len, NULL, 0) &&
+ 0 < cpucount)
return cpucount;
#endif /* defined(HAVE_BSD_SYSCTL) && defined(HW_NCPU) */
The patch to `online_cpus` looks good to me. We can ensure online_cpus() will never return 0 or a negative value under any circumstance. |
|
User |
cc: Jinyao Guo [email protected]