refs: improve verification for-each-ref options

Improve verification of the passed-in for-each-ref options: - Require that the `refs` store must be given. It's arguably very surprising that we simply return successfully in case the ref store is a `NULL` pointer. - When expected to trim ref prefixes we will `BUG()` in case the refname would become empty or in case we're expected to trim a longer prefix than the refname is long. As such, this case is only guaranteed to _not_ `BUG()` in case the caller also specified a prefix. And furthermore, that prefix must end in a trailing slash, as otherwise it may produce an exact match that could lead us to trim to the empty string. An audit shows that there are no callsites that rely on either of these behaviours, so this should not result in a functional change. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2026-03-01 11:08:45 +00:00 · 2026-02-23 12:59:44 +01:00
parent f503bb7dc9
commit 5507200b50
1 changed files with 12 additions and 1 deletions
--- a/refs.c
+++ b/refs.c
@@ -1859,7 +1859,18 @@ int refs_for_each_ref_ext(struct ref_store *refs,
 	int ret;

 	if (!refs)
-		return 0;
+		BUG("no ref store passed");
+
+	if (opts->trim_prefix) {
+		size_t prefix_len;
+
+		if (!opts->prefix)
+			BUG("trimming only allowed with a prefix");
+
+		prefix_len = strlen(opts->prefix);
+		if (prefix_len == opts->trim_prefix && opts->prefix[prefix_len - 1] != '/')
+			BUG("ref pattern must end in a trailing slash when trimming");
+	}

 	if (opts->pattern) {
 		if (!opts->prefix && !starts_with(opts->pattern, "refs/"))