Merge branch 'js/misc-defensive' into seen

gitster · gitster · commit e4c67d331e30 · 2025-06-08T13:40:25.000-07:00
Assorted changes that please CodeQL.

* js/misc-defensive:
  shallow: handle missing shallow commits gracefully
  test-tool repository: check return value of `lookup_commit()`
  submodule: check return value of `submodule_from_path()`
  inherit_tracking(): defensive programming
  describe: defensive programming
  fetch: defensive programming
  push: defensive programming
  stash: defensive programming
  stash: defensive programming
  verify_commit_graph(): defensive programming
  unparse_commit(): defensive programming
  fetch-pack: defensive programming
  get_parent(): defensive programming
  revision: defensive programming
diff --git a/branch.c b/branch.c
@@ -224,6 +224,8 @@ static int inherit_tracking(struct tracking *tracking, const char *orig_ref)
 	skip_prefix(orig_ref, "refs/heads/", &bare_ref);
 
 	branch = branch_get(bare_ref);
+	if (!branch)
+		BUG("could not get branch for '%s", bare_ref);
 	if (!branch->remote_name) {
 		warning(_("asked to inherit tracking from '%s', but no remote is set"),
 			bare_ref);
diff --git a/builtin/describe.c b/builtin/describe.c
@@ -324,6 +324,8 @@ static void describe_commit(struct object_id *oid, struct strbuf *dst)
 	unsigned int unannotated_cnt = 0;
 
 	cmit = lookup_commit_reference(the_repository, oid);
+	if (!cmit)
+		die(_("could not look up commit '%s'"), oid_to_hex(oid));
 
 	n = find_commit_name(&cmit->object.oid);
 	if (n && (tags || all || n->prio == 2)) {
diff --git a/builtin/fetch.c b/builtin/fetch.c
@@ -552,7 +552,7 @@ static struct ref *get_ref_map(struct remote *remote,
 		if (remote &&
 		    (remote->fetch.nr ||
 		     /* Note: has_merge implies non-NULL branch->remote_name */
-		     (has_merge && !strcmp(branch->remote_name, remote->name)))) {
+		     (has_merge && branch && !strcmp(branch->remote_name, remote->name)))) {
 			for (i = 0; i < remote->fetch.nr; i++) {
 				get_fetch_map(remote_refs, &remote->fetch.items[i], &tail, 0);
 				if (remote->fetch.items[i].dst &&
@@ -570,6 +570,7 @@ static struct ref *get_ref_map(struct remote *remote,
 			 * Note: has_merge implies non-NULL branch->remote_name
 			 */
 			if (has_merge &&
+			    branch &&
 			    !strcmp(branch->remote_name, remote->name))
 				add_merge_config(&ref_map, remote_refs, branch, &tail);
 		} else if (!prefetch) {
diff --git a/builtin/push.c b/builtin/push.c
@@ -90,7 +90,7 @@ static void refspec_append_mapped(struct refspec *refspec, const char *ref,
 	if (push_default == PUSH_DEFAULT_UPSTREAM &&
 	    skip_prefix(matched->name, "refs/heads/", &branch_name)) {
 		struct branch *branch = branch_get(branch_name);
-		if (branch->merge_nr == 1 && branch->merge[0]->src) {
+		if (branch && branch->merge_nr == 1 && branch->merge[0]->src) {
 			refspec_appendf(refspec, "%s:%s",
 					ref, branch->merge[0]->src);
 			return;
diff --git a/builtin/stash.c b/builtin/stash.c
@@ -343,7 +343,7 @@ static int reset_tree(struct object_id *i_tree, int update, int reset)
 	memset(&opts, 0, sizeof(opts));
 
 	tree = parse_tree_indirect(i_tree);
-	if (parse_tree(tree))
+	if (!tree || parse_tree(tree))
 		return -1;
 
 	init_tree_desc(t, &tree->object.oid, tree->buffer, tree->size);
@@ -1456,6 +1456,11 @@ static int do_create_stash(const struct pathspec *ps, struct strbuf *stash_msg_b
 		goto done;
 	} else {
 		head_commit = lookup_commit(the_repository, &info->b_commit);
+		if (!head_commit) {
+			ret = error(_("could not look up commit '%s'"),
+				    oid_to_hex (&info->b_commit));
+			goto done;
+		}
 	}
 
 	if (!check_changes(ps, include_untracked, &untracked_files)) {
diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c
@@ -1937,6 +1937,9 @@ static int determine_submodule_update_strategy(struct repository *r,
 	const char *val;
 	int ret;
 
+	if (!sub)
+		return error(_("could not retrieve submodule information for path '%s'"), path);
+
 	key = xstrfmt("submodule.%s.update", sub->name);
 
 	if (update) {
diff --git a/commit-graph.c b/commit-graph.c
@@ -2796,6 +2796,11 @@ static int verify_one_commit_graph(struct repository *r,
 			the_repository->hash_algo);
 
 		graph_commit = lookup_commit(r, &cur_oid);
+		if (!graph_commit) {
+			graph_report(_("failed to look up commit %s for commit-graph"),
+				     oid_to_hex(&cur_oid));
+			continue;
+		}
 		odb_commit = (struct commit *)create_object(r, &cur_oid, alloc_commit_node(r));
 		if (repo_parse_commit_internal(r, odb_commit, 0, 0)) {
 			graph_report(_("failed to parse commit %s from object database for commit-graph"),
diff --git a/commit.c b/commit.c
@@ -188,7 +188,7 @@ void unparse_commit(struct repository *r, const struct object_id *oid)
 {
 	struct commit *c = lookup_commit(r, oid);
 
-	if (!c->object.parsed)
+	if (!c || !c->object.parsed)
 		return;
 	free_commit_list(c->parents);
 	c->parents = NULL;
diff --git a/fetch-pack.c b/fetch-pack.c
@@ -156,7 +156,7 @@ static struct commit *deref_without_lazy_fetch(const struct object_id *oid,
 			struct tag *tag = (struct tag *)
 				parse_object(the_repository, oid);
 
-			if (!tag->tagged)
+			if (!tag || !tag->tagged)
 				return NULL;
 			if (mark_tags_complete_and_check_obj_db)
 				tag->object.flags |= COMPLETE;
diff --git a/object-name.c b/object-name.c
@@ -1112,7 +1112,7 @@ static enum get_oid_result get_parent(struct repository *r,
 	if (ret)
 		return ret;
 	commit = lookup_commit_reference(r, &oid);
-	if (repo_parse_commit(r, commit))
+	if (!commit || repo_parse_commit(r, commit))
 		return MISSING_OBJECT;
 	if (!idx) {
 		oidcpy(result, &commit->object.oid);
diff --git a/revision.c b/revision.c
@@ -3354,6 +3354,9 @@ static int leave_one_treesame_to_parent(struct rev_info *revs, struct commit *co
 	struct commit_list *p;
 	unsigned n;
 
+	if (!ts)
+		return 0;
+
 	for (p = commit->parents, n = 0; p; p = p->next, n++) {
 		if (ts->treesame[n]) {
 			if (p->item->object.flags & TMP_MARK) {
diff --git a/shallow.c b/shallow.c
@@ -705,7 +705,8 @@ void assign_shallow_commits_to_refs(struct shallow_info *info,
 	for (i = 0; i < nr_shallow; i++) {
 		struct commit *c = lookup_commit(the_repository,
 						 &oid[shallow[i]]);
-		c->object.flags |= BOTTOM;
+		if (c)
+			c->object.flags |= BOTTOM;
 	}
 
 	for (i = 0; i < ref->nr; i++)
diff --git a/t/helper/test-repository.c b/t/helper/test-repository.c
@@ -27,6 +27,8 @@ static void test_parse_commit_in_graph(const char *gitdir, const char *worktree,
 	repo_set_hash_algo(the_repository, hash_algo_by_ptr(r.hash_algo));
 
 	c = lookup_commit(&r, commit_oid);
+	if (!c)
+		die("Could not look up %s", oid_to_hex(commit_oid));
 
 	if (!parse_commit_in_graph(&r, c))
 		die("Couldn't parse commit");

Original file line number	Diff line number	Diff line change
`@@ -188,7 +188,7 @@ void unparse_commit(struct repository r, const struct object_id oid)`
`188`	`188`	`{`
`189`	`189`	`struct commit *c = lookup_commit(r, oid);`
`190`	`190`
`191`		`- if (!c->object.parsed)`
	`191`	`+ if (!c \|\| !c->object.parsed)`
`192`	`192`	`return;`
`193`	`193`	`free_commit_list(c->parents);`
`194`	`194`	`c->parents = NULL;`
Original file line number	Diff line number	Diff line change
`@@ -705,7 +705,8 @@ void assign_shallow_commits_to_refs(struct shallow_info *info,`
`705`	`705`	`for (i = 0; i < nr_shallow; i++) {`
`706`	`706`	`struct commit *c = lookup_commit(the_repository,`
`707`	`707`	`&oid[shallow[i]]);`
`708`		`- c->object.flags \|= BOTTOM;`
	`708`	`+ if (c)`
	`709`	`+ c->object.flags \|= BOTTOM;`
`709`	`710`	`}`
`710`	`711`
`711`	`712`	`for (i = 0; i < ref->nr; i++)`