Re: [PATCH] add strerror(errno) to die() calls where applicable

[Thomas Rast <trast@student.ethz.ch>]

[-- Attachment #1: Type: text/plain, Size: 2854 bytes --]

Sorry for not getting around to this again all week.  I'll try to
reroll later today...

Jeff King wrote:
>   1. How did you determine the set of callsites? Did you check that each
>      non-syscall function always sets errno? Are there are functions
>      which are setting errno which could also be included?

Basically by 'git grep die | grep -v errno' and then looking at the
code immediately before the die().  Rather tedious, but I couldn't see
an obvious way to automate the task.

As for the non-syscall functions, at first I had a longer list but I
eventually settled with the ones mentioned, but I decided it was too
risky and just stuck with those that are very clear:

> On Tue, Jun 02, 2009 at 11:34:33PM +0200, Thomas Rast wrote:
> >   odb_pack_keep

Tries open() in two ways, but can only return <0 by passing the return
value of the second.

> >   read_ancestry

Only returns -1 if fopen() returned NULL.

> >   read_in_full

Only returns <=0 if xread() returned <=0, which in turn only happens
if read() returned <0.

> >   strbuf_read

Returns -1 if xread() did so.

> >   strbuf_read_file

Returns -1 if open() or strbuf_read() failed.

> >   strbuf_readlink

Returns -1 if readlink() failed.  (The other option, that the buffer
was still too small at STRBUF_MAXLINK, would imply that readlink()
wanted to return more than PATH_MAX chars.)

> >   write_buffer

I'll drop this one, I missed that it actually does its own errno
reporting already.  (Other than that it's just a thin wrapper around
write_in_full.)

> >   write_in_full

Symmetric to read_in_full: only returns <=0 if xwrite() did, which in
turn only happens if write() returned <0.


There were lots of cases that aren't quite as clear-cut.  For example,
there are many call sites where the index is written out that look
like

	if (write_cache(fd, active_cache, active_nr) ||
	    close_lock_file(&index_lock))
		die("unable to write new_index file");

Dealing with those will be somewhat more complicated, as the error
case is not all that clearly defined.  But at least at a quick glance,
write_cache does not even indicate what file it failed to write.

>   2. Extra error conditions may leak information about the filesystem to
>      people feeding bogus paths to upload-pack. I didn't see anything
>      obvious in your patch that would cause this, but it is something to
>      consider.

Good point.

> > -		die("closing file %s: %s", path, strerror(errno));
> > +		die("closing file '%s': %s", path, strerror(errno));
> 
> This one is actually just a style change, though I think it is
> worthwhile (and there are a few others like it).

Yes, as I was already going through the calls I thought some
consistency would be nice.

-- 
Thomas Rast
trast@{inf,student}.ethz.ch

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]