Skip to content

Fix possible panic #17694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 18, 2021
Merged

Fix possible panic #17694

merged 8 commits into from
Nov 18, 2021

Conversation

Gusted
Copy link
Contributor

@Gusted Gusted commented Nov 17, 2021

  • The code will get the first and second character link[{0,1]]. However in a rare case the link could have 1 character and thus the link[1] will create a panic.

Fix possible panic
b43eadb 
- The code will get the first and second character `link[{0,1]]`.
However in a rare case the `link` could have 1 character and thus the
`link[1]` will create a panic.
zeripath
zeripath reviewed Nov 17, 2021
View reviewed changes
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 17, 2021
delvh
delvh reviewed Nov 17, 2021
View reviewed changes
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 17, 2021
@wxiaoguang
Copy link
Contributor

wxiaoguang commented Nov 18, 2021
edited
Loading

I agree about this fix.

One more thing, if some fallbackImage is "/", I think we should fix that fallbackImage to a real correct fallback image.

@Gusted
Copy link
Contributor Author

Gusted commented Nov 18, 2021

One more thing, if some fallbackImage is "/", I think we should fix that fallbackImage to a real correct fallback image.

That seems good to me, what do you suggest that the fallback of the fallback should be?

@wxiaoguang
Copy link
Contributor

One more thing, if some fallbackImage is "/", I think we should fix that fallbackImage to a real correct fallback image.

That seems good to me, what do you suggest that the fallback of the fallback should be?

I haven't read about the code. I think the "correct fallback images" should depend on the avatar owners.

For users, the default avatar is /assets/img/avatar_default.png (a Gitea logo), if a users didn't set their avatar, then the default one is shown.

For repositories, IIRC: if no avatar was set, then no avatar should be shown, so I think here we have a deeper problem: we were trying to show an incorrect avatar for a repository without avatar.

@Gusted
Copy link
Contributor Author

Gusted commented Nov 18, 2021

so I think here we have a deeper problem: we were trying to show an incorrect avatar for a repository without avatar.

Just to note - that when this happen the admin of the gitea server was doing this on purpose as if it was explicitly set to the fallbackImage mode whereby that setting was set to a value of "/" of some sort.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Nov 18, 2021
edited
Loading

OK, then I think something like this would be enough (and more simple):

func (repo *Repository) avatarLink(e db.Engine) string {
	link := repo.relAvatarLink(e)
	// we only prepend our AppURL to our known (relative, internal) avatar link to get an absolute URL
	if strings.HasPrefix(link, "/") && !strings.HasPrefix(link, "//") {
		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
	}
	// otherwise, return the link as it is
	return link
}

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 18, 2021
@wxiaoguang wxiaoguang merged commit 257b717 into go-gitea:main Nov 18, 2021
@Gusted Gusted deleted the fix-offBy1 branch November 24, 2021 08:26
Chianina pushed a commit to Chianina/gitea that referenced this pull request Mar 28, 2022
Fix possible panic (go-gitea#17694)
e96f3a0 
- The code will get the first and second character `link[{0,1]]`.
However in a rare case the `link` could have 1 character and thus the
`link[1]` will create a panic.
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@delvh delvh delvh left review comments

@zeripath zeripath zeripath approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Gusted @wxiaoguang @zeripath @delvh @GiteaBot @lunny