Re: Potential Null Pointer Dereference detected by static analysis tool

Phillip Wood <phillip.wood123@xxxxxxxxx> · Fri, 15 Aug 2025 16:49:12 +0100

Hi Peff

On 15/08/2025 00:26, Jeff King wrote:
On Wed, Aug 13, 2025 at 02:19:14PM +0100, Phillip Wood wrote:

I had a quick look at the callers of describe_commit() and they all seem to
use an oid that they get from looking up a commit so I'm not sure under what
circumstances this call to lookup_commit_reference() can fail.

I wonder if it would make sense for describe_commit() to just take a
"struct commit" pointer. Then it could skip the call to turn the oid
into a commit entirely, and the compiler would make sure we always have
a commit. :)

I think that's a good idea, it would be clearer to the reader that we've 
already looked up the commit before calling describe_commit() as well.

Thanks

Phillip

Something like this (totally untested, and not something I'm planning to
follow up on, but maybe inspirational):

diff --git a/builtin/describe.c b/builtin/describe.c
index 32f5bf513f..3e8691a4c4 100644
--- a/builtin/describe.c
+++ b/builtin/describe.c
@@ -352,26 +352,24 @@ static void append_suffix(int depth, const struct object_id *oid, struct strbuf
  		    repo_find_unique_abbrev(the_repository, oid, abbrev));
  }
  
-static void describe_commit(struct object_id *oid, struct strbuf *dst)
+static void describe_commit(struct commit *cmit, struct strbuf *dst)
  {
-	struct commit *cmit, *gave_up_on = NULL;
+	struct commit *gave_up_on = NULL;
  	struct lazy_queue queue = LAZY_QUEUE_INIT;
  	struct commit_name *n;
  	struct possible_tag all_matches[MAX_TAGS];
  	unsigned int match_cnt = 0, annotated_cnt = 0, cur_match;
  	unsigned long seen_commits = 0;
  	unsigned int unannotated_cnt = 0;
  
-	cmit = lookup_commit_reference(the_repository, oid);
-
  	n = find_commit_name(&cmit->object.oid);
  	if (n && (tags || all || n->prio == 2)) {
  		/*
  		 * Exact match to an existing ref.
  		 */
  		append_name(n, dst);
  		if (n->misnamed || longformat)
-			append_suffix(0, n->tag ? get_tagged_oid(n->tag) : oid, dst);
+			append_suffix(0, n->tag ? get_tagged_oid(n->tag) : &cmit->object.oid, dst);
  		if (suffix)
  			strbuf_addstr(dst, suffix);
  		return;
@@ -528,7 +526,7 @@ static void describe_commit(struct object_id *oid, struct strbuf *dst)
  }
  
  struct process_commit_data {
-	struct object_id current_commit;
+	struct commit *current_commit;
  	struct object_id looking_for;
  	struct strbuf *dst;
  	struct rev_info *revs;
@@ -537,7 +535,7 @@ struct process_commit_data {
  static void process_commit(struct commit *commit, void *data)
  {
  	struct process_commit_data *pcd = data;
-	pcd->current_commit = commit->object.oid;
+	pcd->current_commit = commit;
  }
  
  static void process_object(struct object *obj, const char *path, void *data)
@@ -546,7 +544,7 @@ static void process_object(struct object *obj, const char *path, void *data)
  
  	if (oideq(&pcd->looking_for, &obj->oid) && !pcd->dst->len) {
  		reset_revision_walk();
-		describe_commit(&pcd->current_commit, pcd->dst);
+		describe_commit(pcd->current_commit, pcd->dst);
  		strbuf_addf(pcd->dst, ":%s", path);
  		clear_prio_queue(&pcd->revs->commits);
  	}
@@ -556,7 +554,7 @@ static void describe_blob(struct object_id oid, struct strbuf *dst)
  {
  	struct rev_info revs;
  	struct strvec args = STRVEC_INIT;
-	struct process_commit_data pcd = { *null_oid(the_hash_algo), oid, dst, &revs};
+	struct process_commit_data pcd = { NULL, oid, dst, &revs};
  
  	strvec_pushl(&args, "internal: The first arg is not parsed",
  		     "--objects", "--in-commit-order", "--reverse", "HEAD",
@@ -589,7 +587,7 @@ static void describe(const char *arg, int last_one)
  	cmit = lookup_commit_reference_gently(the_repository, &oid, 1);
  
  	if (cmit)
-		describe_commit(&oid, &sb);
+		describe_commit(cmit, &sb);
  	else if (odb_read_object_info(the_repository->objects,
  				      &oid, NULL) == OBJ_BLOB)
  		describe_blob(oid, &sb);








