[JIRA] (JENKINS-59252) git-forensics plugin doesn't guard against negative line numbers

witt.austin@gmail.com (JIRA)

Sep 5, 2019, 2:26:02 PM
to jenkinsc...@googlegroups.com
Austin Witt created an issue
 
Jenkins / Bug JENKINS-59252
git-forensics plugin doesn't guard against negative line numbers
Issue Type: Bug
Assignee: Ulli Hafner
Components: git-forensics-plugin
Created: 2019-09-05 18:25
Priority: Minor
Reporter: Austin Witt

With

  • warnings-ng 6.0.0
  • git-forensics 0.3.1

I saw a branch build of a repository - just a regular branch, not even a PR - produce this stack trace:

java.lang.ArrayIndexOutOfBoundsException: -1
 at org.eclipse.jgit.blame.BlameResult.getSourceAuthor(BlameResult.java:191)
 at io.jenkins.plugins.git.forensics.blame.GitBlamer$BlameCallback.run(GitBlamer.java:181)
 at io.jenkins.plugins.git.forensics.blame.GitBlamer$BlameCallback.invoke(GitBlamer.java:142)
 at io.jenkins.plugins.git.forensics.blame.GitBlamer$BlameCallback.invoke(GitBlamer.java:120)
 at org.jenkinsci.plugins.gitclient.AbstractGitAPIImpl.withRepository(AbstractGitAPIImpl.java:29)
 at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.withRepository(CliGitAPIImpl.java:72)
 at io.jenkins.plugins.git.forensics.blame.GitBlamer.blame(GitBlamer.java:92)
 at io.jenkins.plugins.analysis.core.steps.IssuesScanner$ReportPostProcessor.invoke(IssuesScanner.java:253)
 at io.jenkins.plugins.analysis.core.steps.IssuesScanner$ReportPostProcessor.invoke(IssuesScanner.java:216)
 at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3050)
 at hudson.remoting.UserRequest.perform(UserRequest.java:212)
 at hudson.remoting.UserRequest.perform(UserRequest.java:54)
 at hudson.remoting.Request$2.run(Request.java:369)
 at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
 at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

The line in question in git-forensics is here: https://github.com/jenkinsci/git-forensics-plugin/blob/master/src/main/java/io/jenkins/plugins/git/forensics/blame/GitBlamer.java#L181

It looks like for some reason line was 0, and therefore lineIndex became -1, which upset JGit when it tried to use that as an array index to get blame: https://github.com/eclipse/jgit/blob/master/org.eclipse.jgit/src/org/eclipse/jgit/blame/BlameResult.java#L190

The more I look at this the more this looks like a logic error from GitBlamer's PoV - there's nothing that I can see in FileLocations that programmatically ensures a line number can't be 0, nor does GitBlamer check for this - but then it subtracts 1 from a lineNumber and uses that in JGit code that eventually becomes an index for array access.

Created this issue per Ullrich Hafner's request on the warnings-ng Gitter chat:

This is a bug, I forget to add the guard from GitBlamer in the new version. Can you please create a bug report?

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
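
Added example, not part of the original thread and not the plugin's or JGit's code: a minimal Java sketch of the guard the report asks for, converting a 1-based line number to a 0-based index only after a range check. FakeBlame, authorAt and authorOfLine are hypothetical stand-ins, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

/** Added illustration with stand-in types; these are not the plugin's or JGit's classes. */
public class LineGuardExample {
    /** Hypothetical stand-in for a blame result: one author per source line, 0-based. */
    static final class FakeBlame {
        private final String[] authors;
        FakeBlame(String... authors) { this.authors = authors; }
        int size() { return authors.length; }
        // Plain array access: index -1 throws ArrayIndexOutOfBoundsException, as in the trace.
        String authorAt(int index) { return authors[index]; }
    }

    /** Maps a 1-based line to a 0-based index; rejects 0, negatives and lines past the end. */
    static Optional<String> authorOfLine(FakeBlame blame, int line) {
        if (line < 1 || line > blame.size()) {
            return Optional.empty();
        }
        return Optional.of(blame.authorAt(line - 1));
    }

    public static void main(String[] args) {
        FakeBlame blame = new FakeBlame("alice", "bob", "carol"); // constructed sample data
        int[] reportedLines = {1, 3, 0, -5, 4};                   // constructed: valid and invalid lines
        List<String> skipped = new ArrayList<>();
        for (int line : reportedLines) {
            Optional<String> author = authorOfLine(blame, line);
            if (author.isPresent()) {
                System.out.println("line " + line + " -> " + author.get());
            } else {
                skipped.add(String.valueOf(line)); // record and continue instead of failing the build
            }
        }
        System.out.println("skipped (no blame available): " + String.join(", ", skipped));

        try {
            blame.authorAt(0 - 1); // the unguarded path described in the report: line 0 becomes index -1
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unguarded lookup failed: " + e);
        }
    }
}
```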

ullrich.hafner@gmail.com (JIRA)

Sep 5, 2019, 6:40:04 PM
to jenkinsc...@googlegroups.com
Ulli Hafner started work on Bug JENKINS-59252
 
Change By: Ulli Hafner
Status: Open → In Progress

ullrich.hafner@gmail.com (JIRA)

Sep 5, 2019, 6:58:01 PM
to jenkinsc...@googlegroups.com

ullrich.hafner@gmail.com (JIRA)

Sep 5, 2019, 7:10:02 PM
to jenkinsc...@googlegroups.com
Change By: Ulli Hafner
Status: In Progress → Fixed but Unreleased
Resolution: Fixed

ullrich.hafner@gmail.com (JIRA)

Sep 5, 2019, 7:18:04 PM
to jenkinsc...@googlegroups.com
Change By: Ulli Hafner
Status: Fixed but Unreleased → Resolved
Released As: git-forensics 0.3.2