object API users + docs: check <0, not !0 with check_object_signature()

avar · gitster · commit ee213de22d15 · 2022-02-25T17:16:31.000-08:00
Change those users of the object API that misused
check_object_signature() by assuming it returned any non-zero when the
OID didn't match the expected value to check &lt;0 instead. In practice
all of this code worked before, but it wasn't consistent with rest of
the users of the API.

Let's also clarify what the &lt;0 return value means in API docs.

Signed-off-by: Ævar Arnfjörð Bjarmason &lt;avarab@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/builtin/index-pack.c b/builtin/index-pack.c
@@ -1412,9 +1412,8 @@ static void fix_unresolved_deltas(struct hashfile *f)
 		if (!data)
 			continue;
 
-		if (check_object_signature(the_repository, &d->oid,
-					   data, size,
-					   type_name(type), NULL))
+		if (check_object_signature(the_repository, &d->oid, data, size,
+					   type_name(type), NULL) < 0)
 			die(_("local object %s is corrupt"), oid_to_hex(&d->oid));
 
 		/*
diff --git a/builtin/mktag.c b/builtin/mktag.c
@@ -97,7 +97,7 @@ int cmd_mktag(int argc, const char **argv, const char *prefix)
 				&tagged_oid, &tagged_type))
 		die(_("tag on stdin did not pass our strict fsck check"));
 
-	if (verify_object_in_tag(&tagged_oid, &tagged_type))
+	if (verify_object_in_tag(&tagged_oid, &tagged_type) < 0)
 		die(_("tag on stdin did not refer to a valid object"));
 
 	if (write_object_file(buf.buf, buf.len, OBJ_TAG, &result) < 0)
diff --git a/cache.h b/cache.h
@@ -1324,6 +1324,9 @@ int parse_loose_header(const char *hdr, struct object_info *oi);
  * object name actually matches "oid" to detect object corruption.
  * With "buf" == NULL, try reading the object named with "oid" using
  * the streaming interface and rehash it to do the same.
+ *
+ * A negative value indicates an error, usually that the OID is not
+ * what we expected, but it might also indicate another error.
  */
 int check_object_signature(struct repository *r, const struct object_id *oid,
 			   void *buf, unsigned long size, const char *type,
diff --git a/object-file.c b/object-file.c
@@ -2613,7 +2613,7 @@ int read_loose_object(const char *path,
 		}
 		if (check_object_signature(the_repository, expected_oid,
 					   *contents, *size,
-					   oi->type_name->buf, real_oid))
+					   oi->type_name->buf, real_oid) < 0)
 			goto out;
 	}
 
diff --git a/pack-check.c b/pack-check.c
@@ -143,7 +143,7 @@ static int verify_packfile(struct repository *r,
 				    oid_to_hex(&oid), p->pack_name,
 				    (uintmax_t)entries[i].offset);
 		else if (check_object_signature(r, &oid, data, size,
-						type_name(type), NULL))
+						type_name(type), NULL) < 0)
 			err = error("packed %s from %s is corrupt",
 				    oid_to_hex(&oid), p->pack_name);
 		else if (fn) {

Original file line number	Diff line number	Diff line change
`@@ -2613,7 +2613,7 @@ int read_loose_object(const char *path,`
`2613`	`2613`	`}`
`2614`	`2614`	`if (check_object_signature(the_repository, expected_oid,`
`2615`	`2615`	`contents, size,`
`2616`		`- oi->type_name->buf, real_oid))`
	`2616`	`+ oi->type_name->buf, real_oid) < 0)`
`2617`	`2617`	`goto out;`
`2618`	`2618`	`}`
`2619`	`2619`