]> git.ipfire.org Git - thirdparty/git.git/commit
projects / thirdparty / git.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5fcc683) | patch
hash.h: introduce `unsafe_hash_algo()`
authorTaylor Blau <me@ttaylorr.com>
Thu, 23 Jan 2025 17:34:29 +0000 (12:34 -0500)
committerJunio C Hamano <gitster@pobox.com>
Thu, 23 Jan 2025 18:28:16 +0000 (10:28 -0800)
commit7b081d2f70feb7eadd1e93f52146e5d68371451d
treedd6df7d1004c9df246274c6b2670eb0636267e73tree | snapshot
parent5fcc683338e947d1226a9426174e7c48ce849c47commit | diff
hash.h: introduce `unsafe_hash_algo()`

In 253ed9ecff (hash.h: scaffolding for _unsafe hashing variants,
2024-09-26), we introduced "unsafe" variants of the SHA-1 hashing
functions by introducing new functions like "unsafe_init_fn()" and so
on.

This approach has a major shortcoming that callers must remember to
consistently use one variant or the other. Failing to consistently use
(or not use) the unsafe variants can lead to crashes at best, or subtle
memory corruption issues at worst.

In the hashfile API, this isn't difficult to achieve, but verifying that
all callers consistently use the unsafe variants is somewhat of a chore
given how spread out all of the callers are. In the sha1 and sha1-unsafe
test helpers, all of the calls to various hash functions are guarded by
an "if (unsafe)" conditional, which is repetitive and cumbersome.

Address these issues by introducing a new pattern whereby one
'git_hash_algo' can return a pointer to another 'git_hash_algo' that
represents the unsafe version of itself. So instead of having something
like:

    if (unsafe)
      the_hash_algo->init_fn(...);
      the_hash_algo->update_fn(...);
      the_hash_algo->final_fn(...);
    else
      the_hash_algo->unsafe_init_fn(...);
      the_hash_algo->unsafe_update_fn(...);
      the_hash_algo->unsafe_final_fn(...);

we can instead write:

    struct git_hash_algo *algop = the_hash_algo;
    if (unsafe)
      algop = unsafe_hash_algo(algop);

    algop->init_fn(...);
    algop->update_fn(...);
    algop->final_fn(...);

This removes the existing shortcoming by no longer forcing the caller to
"remember" which variant of the hash functions it wants to call, only to
hold onto a 'struct git_hash_algo' pointer that is initialized once.

Similarly, while there currently is still a way to "mix" safe and unsafe
functions, this too will go away after subsequent commits remove all
direct calls to the unsafe_ variants.

Note that hash_algo_by_ptr() needs an adjustment to allow passing in the
unsafe variant of a hash function. All other query functions on the
hash_algos array will continue to return the safe variants of any
function.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
hash.h diff | blob | blame | history
object-file.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.