make patch_delta() error cases a bit more verbose

It is especially important to distinguish between a malloc() failure
from all the other cases.  An out of memory condition is much less
worrisome than a compatibility/corruption problem.

Also make test-delta compilable again.

Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>

1 files changed, 6 insertions, 7 deletions

diff --git a/patch-delta.c b/patch-delta.c
index e3a1d425ee..ed9db81fa8 100644
--- a/patch-delta.c
+++ b/patch-delta.c
@@ -9,8 +9,7 @@
  * published by the Free Software Foundation.
  */
 
-#include <stdlib.h>
-#include <string.h>
+#include "git-compat-util.h"
 #include "delta.h"
 
 void *patch_delta(const void *src_buf, unsigned long src_size,
@@ -34,9 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
 
 	/* now the result size */
 	size = get_delta_hdr_size(&data, top);
-	dst_buf = malloc(size + 1);
-	if (!dst_buf)
-		return NULL;
+	dst_buf = xmalloc(size + 1);
 	dst_buf[size] = 0;
 
 	out = dst_buf;
@@ -55,13 +52,13 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
 			if (cp_off + cp_size < cp_size ||
 			    cp_off + cp_size > src_size ||
 			    cp_size > size)
-				goto bad;
+				break;
 			memcpy(out, (char *) src_buf + cp_off, cp_size);
 			out += cp_size;
 			size -= cp_size;
 		} else if (cmd) {
 			if (cmd > size)
-				goto bad;
+				break;
 			memcpy(out, data, cmd);
 			out += cmd;
 			data += cmd;
@@ -72,12 +69,14 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
 			 * extensions. In the mean time we must fail when
 			 * encountering them (might be data corruption).
 			 */
+			error("unexpected delta opcode 0");
 			goto bad;
 		}
 	}
 
 	/* sanity check */
 	if (data != top || size != 0) {
+		error("delta replay has gone wild");
 		bad:
 		free(dst_buf);
 		return NULL;