strbuf_read: help with CodeQL misunderstanding that strbuf_read() does NUL-terminate correctly

dscho · dscho · commit 0b03b3046182 · 2025-11-05T14:07:25.000+01:00
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
diff --git a/builtin/am.c b/builtin/am.c
@@ -434,33 +434,33 @@ static void am_load(struct am_state *state)
 	}
 
 	read_state_file(&sb, state, "keep", 1);
-	if (!strcmp(sb.buf, "t"))
+	if (!strcmp(sb.buf, "t")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		state->keep = KEEP_TRUE;
-	else if (!strcmp(sb.buf, "b"))
+	else if (!strcmp(sb.buf, "b")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		state->keep = KEEP_NON_PATCH;
 	else
 		state->keep = KEEP_FALSE;
 
 	read_state_file(&sb, state, "messageid", 1);
-	state->message_id = !strcmp(sb.buf, "t");
+	state->message_id = !strcmp(sb.buf, "t"); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 
 	read_state_file(&sb, state, "scissors", 1);
-	if (!strcmp(sb.buf, "t"))
+	if (!strcmp(sb.buf, "t")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		state->scissors = SCISSORS_TRUE;
-	else if (!strcmp(sb.buf, "f"))
+	else if (!strcmp(sb.buf, "f")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		state->scissors = SCISSORS_FALSE;
 	else
 		state->scissors = SCISSORS_UNSET;
 
 	read_state_file(&sb, state, "quoted-cr", 1);
 	if (!*sb.buf)
 		state->quoted_cr = quoted_cr_unset;
-	else if (mailinfo_parse_quoted_cr_action(sb.buf, &state->quoted_cr) != 0)
+	else if (mailinfo_parse_quoted_cr_action(sb.buf, &state->quoted_cr) != 0) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		die(_("could not parse %s"), am_path(state, "quoted-cr"));
 
 	read_state_file(&sb, state, "apply-opt", 1);
 	strvec_clear(&state->git_apply_opts);
-	if (sq_dequote_to_strvec(sb.buf, &state->git_apply_opts) < 0)
+	if (sq_dequote_to_strvec(sb.buf, &state->git_apply_opts) < 0) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		die(_("could not parse %s"), am_path(state, "apply-opt"));
 
 	state->rebasing = !!file_exists(am_path(state, "rebasing"));
diff --git a/builtin/clone.c b/builtin/clone.c
@@ -120,7 +120,7 @@ static const char *get_repo_path_1(struct strbuf *path, int *is_bundle)
 				continue;
 			len = read_in_full(fd, signature, 8);
 			close(fd);
-			if (len != 8 || strncmp(signature, "gitdir: ", 8))
+			if (len != 8 || strncmp(signature, "gitdir: ", 8)) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				continue;
 			dst = read_gitfile(path->buf);
 			if (dst) {
diff --git a/builtin/commit.c b/builtin/commit.c
@@ -1875,7 +1875,7 @@ int cmd_commit(int argc,
 		if (!stat(git_path_merge_mode(the_repository), &statbuf)) {
 			if (strbuf_read_file(&sb, git_path_merge_mode(the_repository), 0) < 0)
 				die_errno(_("could not read MERGE_MODE"));
-			if (!strcmp(sb.buf, "no-ff"))
+			if (!strcmp(sb.buf, "no-ff")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				allow_fast_forward = 0;
 		}
 		if (allow_fast_forward)
diff --git a/builtin/rebase.c b/builtin/rebase.c
@@ -482,9 +482,9 @@ static int read_basic_state(struct rebase_options *opts)
 		if (!read_oneliner(&buf, state_dir_path("allow_rerere_autoupdate", opts),
 				   READ_ONELINER_WARN_MISSING))
 			return -1;
-		if (!strcmp(buf.buf, "--rerere-autoupdate"))
+		if (!strcmp(buf.buf, "--rerere-autoupdate")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 			opts->allow_rerere_autoupdate = RERERE_AUTOUPDATE;
-		else if (!strcmp(buf.buf, "--no-rerere-autoupdate"))
+		else if (!strcmp(buf.buf, "--no-rerere-autoupdate")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 			opts->allow_rerere_autoupdate = RERERE_NOAUTOUPDATE;
 		else
 			warning(_("ignoring invalid allow_rerere_autoupdate: "
diff --git a/bundle.c b/bundle.c
@@ -66,7 +66,7 @@ static int parse_bundle_signature(struct bundle_header *header, const char *line
 	int i;
 
 	for (i = 0; i < ARRAY_SIZE(bundle_sigs); i++) {
-		if (!strcmp(line, bundle_sigs[i].signature)) {
+		if (!strcmp(line, bundle_sigs[i].signature)) { // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 			header->version = bundle_sigs[i].version;
 			return 0;
 		}
@@ -82,7 +82,7 @@ int read_bundle_header_fd(int fd, struct bundle_header *header,
 
 	/* The bundle header begins with the signature */
 	if (strbuf_getwholeline_fd(&buf, fd, '\n') ||
-	    parse_bundle_signature(header, buf.buf)) {
+	    parse_bundle_signature(header, buf.buf)) { // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		if (report_path)
 			error(_("'%s' does not look like a v2 or v3 bundle file"),
 			      report_path);
diff --git a/credential.c b/credential.c
@@ -258,7 +258,7 @@ static char *credential_ask_one(const char *what, struct credential *c,
 
 	strbuf_release(&desc);
 	strbuf_release(&prompt);
-	return xstrdup(r);
+	return xstrdup(r); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 }
 
 static int credential_getpass(struct repository *r, struct credential *c)
diff --git a/mailinfo.c b/mailinfo.c
@@ -1238,11 +1238,11 @@ int mailinfo(struct mailinfo *mi, const char *msg, const char *patch)
 
 int mailinfo_parse_quoted_cr_action(const char *actionstr, int *action)
 {
-	if (!strcmp(actionstr, "nowarn"))
+	if (!strcmp(actionstr, "nowarn")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		*action = quoted_cr_nowarn;
-	else if (!strcmp(actionstr, "warn"))
+	else if (!strcmp(actionstr, "warn")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		*action = quoted_cr_warn;
-	else if (!strcmp(actionstr, "strip"))
+	else if (!strcmp(actionstr, "strip")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		*action = quoted_cr_strip;
 	else
 		return -1;
diff --git a/prompt.c b/prompt.c
@@ -37,7 +37,7 @@ static char *do_askpass(const char *cmd, const char *prompt)
 		return NULL;
 	}
 
-	strbuf_setlen(&buffer, strcspn(buffer.buf, "\r\n"));
+	strbuf_setlen(&buffer, strcspn(buffer.buf, "\r\n")); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 
 	return buffer.buf;
 }
diff --git a/sequencer.c b/sequencer.c
@@ -2960,7 +2960,7 @@ static int have_finished_the_last_pick(void)
 		}
 	}
 	/* If there is only one line then we are done */
-	eol = strchr(buf.buf, '\n');
+	eol = strchr(buf.buf, '\n'); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 	if (!eol || !eol[1])
 		ret = 1;
 
@@ -3193,9 +3193,9 @@ static int read_populate_opts(struct replay_opts *opts)
 
 		if (read_oneliner(&buf, rebase_path_allow_rerere_autoupdate(),
 				  READ_ONELINER_SKIP_IF_EMPTY)) {
-			if (!strcmp(buf.buf, "--rerere-autoupdate"))
+			if (!strcmp(buf.buf, "--rerere-autoupdate")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				opts->allow_rerere_auto = RERERE_AUTOUPDATE;
-			else if (!strcmp(buf.buf, "--no-rerere-autoupdate"))
+			else if (!strcmp(buf.buf, "--no-rerere-autoupdate")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				opts->allow_rerere_auto = RERERE_NOAUTOUPDATE;
 			strbuf_reset(&buf);
 		}
@@ -3240,7 +3240,7 @@ static int read_populate_opts(struct replay_opts *opts)
 				  READ_ONELINER_SKIP_IF_EMPTY)) {
 			const char *p = ctx->current_fixups.buf;
 			ctx->current_fixup_count = 1;
-			while ((p = strchr(p, '\n'))) {
+			while ((p = strchr(p, '\n'))) { // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				ctx->current_fixup_count++;
 				p++;
 			}
diff --git a/strvec.c b/strvec.c
@@ -22,7 +22,7 @@ void strvec_push_nodup(struct strvec *array, char *value)
 
 const char *strvec_push(struct strvec *array, const char *value)
 {
-	strvec_push_nodup(array, xstrdup(value));
+	strvec_push_nodup(array, xstrdup(value)); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 	return array->v[array->nr - 1];
 }
 
diff --git a/submodule.c b/submodule.c
@@ -2512,11 +2512,11 @@ int get_superproject_working_tree(struct strbuf *buf)
 		 * The format is <mode> SP <hash> SP <stage> TAB <full name> \0,
 		 * We're only interested in the name after the tab.
 		 */
-		super_sub = strchr(sb.buf, '\t') + 1;
-		super_sub_len = strlen(super_sub);
+		super_sub = strchr(sb.buf, '\t') + 1; // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
+		super_sub_len = strlen(super_sub); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 
 		if (super_sub_len > cwd_len ||
-		    strcmp(&cwd[cwd_len - super_sub_len], super_sub))
+		    strcmp(&cwd[cwd_len - super_sub_len], super_sub)) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 			BUG("returned path string doesn't match cwd?");
 
 		super_wt = xstrdup(cwd);
diff --git a/t/helper/test-rot13-filter.c b/t/helper/test-rot13-filter.c
@@ -215,7 +215,7 @@ static void command_loop(void)
 
 		/* Read until flush */
 		while ((buf = packet_read_line(0, NULL))) {
-			if (!strcmp(buf, "can-delay=1")) {
+			if (!strcmp(buf, "can-delay=1")) { // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 				entry = strmap_get(&delay, pathname);
 				if (entry && !entry->requested)
 					entry->requested = 1;
@@ -308,11 +308,11 @@ static void packet_initialize(void)
 {
 	char *pkt_buf = packet_read_line(0, NULL);
 
-	if (!pkt_buf || strcmp(pkt_buf, "git-filter-client"))
+	if (!pkt_buf || strcmp(pkt_buf, "git-filter-client")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		die("bad initialize: '%s'", str_or_null(pkt_buf));
 
 	pkt_buf = packet_read_line(0, NULL);
-	if (!pkt_buf || strcmp(pkt_buf, "version=2"))
+	if (!pkt_buf || strcmp(pkt_buf, "version=2")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		die("bad version: '%s'", str_or_null(pkt_buf));
 
 	pkt_buf = packet_read_line(0, NULL);
diff --git a/wrapper.c b/wrapper.c
@@ -40,7 +40,7 @@ static int memory_limit_check(size_t size, int gentle)
 
 char *xstrdup(const char *str)
 {
-	char *ret = strdup(str);
+	char *ret = strdup(str); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 	if (!ret)
 		die("Out of memory, strdup failed");
 	return ret;
diff --git a/wt-status.c b/wt-status.c
@@ -1111,7 +1111,7 @@ size_t wt_status_locate_end(const char *s, size_t len)
 	if (starts_with(s, pattern.buf + 1) &&
 	    starts_with_newline(s + pattern.len - 1))
 		len = 0;
-	else if ((p = strstr(s, pattern.buf)) &&
+	else if ((p = strstr(s, pattern.buf)) && // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand
 		 starts_with_newline(p + pattern.len)) {
 		size_t newlen = p - s + 1;
 		if (newlen < len)

Original file line number	Diff line number	Diff line change
`@@ -1875,7 +1875,7 @@ int cmd_commit(int argc,`
`1875`	`1875`	`if (!stat(git_path_merge_mode(the_repository), &statbuf)) {`
`1876`	`1876`	`if (strbuf_read_file(&sb, git_path_merge_mode(the_repository), 0) < 0)`
`1877`	`1877`	`die_errno(_("could not read MERGE_MODE"));`
`1878`		`- if (!strcmp(sb.buf, "no-ff"))`
	`1878`	`+ if (!strcmp(sb.buf, "no-ff")) // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand`
`1879`	`1879`	`allow_fast_forward = 0;`
`1880`	`1880`	`}`
`1881`	`1881`	`if (allow_fast_forward)`
Original file line number	Diff line number	Diff line change
`@@ -258,7 +258,7 @@ static char credential_ask_one(const char what, struct credential *c,`
`258`	`258`
`259`	`259`	`strbuf_release(&desc);`
`260`	`260`	`strbuf_release(&prompt);`
`261`		`- return xstrdup(r);`
	`261`	`+ return xstrdup(r); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand`
`262`	`262`	`}`
`263`	`263`
`264`	`264`	`static int credential_getpass(struct repository r, struct credential c)`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ static char do_askpass(const char cmd, const char *prompt)`
`37`	`37`	`return NULL;`
`38`	`38`	`}`
`39`	`39`
`40`		`- strbuf_setlen(&buffer, strcspn(buffer.buf, "\r\n"));`
	`40`	`+ strbuf_setlen(&buffer, strcspn(buffer.buf, "\r\n")); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand`
`41`	`41`
`42`	`42`	`return buffer.buf;`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ void strvec_push_nodup(struct strvec array, char value)`
`22`	`22`
`23`	`23`	`const char strvec_push(struct strvec array, const char *value)`
`24`	`24`	`{`
`25`		`- strvec_push_nodup(array, xstrdup(value));`
	`25`	`+ strvec_push_nodup(array, xstrdup(value)); // CodeQL [SM01932] justification: CodeQL is wrong here because the value is read from a file via strbuf_read() which does NUL-terminate the string, something CodeQL fails to understand`
`26`	`26`	`return array->v[array->nr - 1];`
`27`	`27`	`}`
`28`	`28`