From: Jonathan Nieder <jrnieder@gmail.com>
To: Jeff King <peff@peff.net>
Cc: demerphq <demerphq@gmail.com>, Git <git@vger.kernel.org>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [PATCH 3/7] avoid "write_in_full(fd, buf, len) != len" pattern
Date: Wed, 13 Sep 2017 14:14:30 -0700 [thread overview]
Message-ID: <20170913211430.GK27425@aiede.mtv.corp.google.com> (raw)
In-Reply-To: <20170913171603.3whuql7l5da3ynrn@sigill.intra.peff.net>
Jeff King wrote:
> The return value of write_in_full() is either "-1", or the
> requested number of bytes[1]. If we make a partial write
> before seeing an error, we still return -1, not a partial
> value. This goes back to f6aa66cb95 (write_in_full: really
> write in full or return error on disk full., 2007-01-11).
>
> So checking anything except "was the return value negative"
> is pointless. And there are a couple of reasons not to do
> so:
>
> 1. It can do a funny signed/unsigned comparison. If your
[...]
> 2. Checking for a negative value is shorter to type,
> especially when the length is an expression.
>
> 3. Linus says so. In d34cf19b89 (Clean up write_in_full()
> users, 2007-01-11), right after the write_in_full()
> semantics were changed, he wrote:
>
> I really wish every "write_in_full()" user would just
> check against "<0" now, but this fixes the nasty and
> stupid ones.
Ok, you convinced me.
Should we add a comment to cache.h as well encouraging this?
[...]
> [1] A careful reader may notice there is one way that
> write_in_full() can return a different value. If we ask
> write() to write N bytes and get a return value that is
> _larger_ than N, we could return a larger total. But
> besides the fact that this would imply a totally broken
> version of write(), it would already invoke undefined
> behavior. Our internal remaining counter is an unsigned
> size_t, which means that subtracting too many byte will
> wrap it around to a very large number. So we'll instantly
> begin reading off the end of the buffer, trying to write
> gigabytes (or petabytes) of data.
This footnote just leaves me more confused, since as you mention,
write() never would return a value greater than N. Are you saying we
need to defend against a broken platform where that isn't true?
> Signed-off-by: Jeff King <peff@peff.net>
> ---
> builtin/receive-pack.c | 2 +-
> builtin/rerere.c | 2 +-
> builtin/unpack-file.c | 2 +-
> config.c | 4 ++--
> diff.c | 2 +-
> fast-import.c | 2 +-
> http-backend.c | 4 ++--
> ll-merge.c | 2 +-
> read-cache.c | 6 +++---
> refs.c | 2 +-
> refs/files-backend.c | 8 ++++----
> rerere.c | 2 +-
> shallow.c | 6 +++---
> t/helper/test-delta.c | 2 +-
> transport-helper.c | 5 ++---
> wrapper.c | 2 +-
> 16 files changed, 26 insertions(+), 27 deletions(-)
All of these look correctly done.
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
next prev parent reply other threads:[~2017-09-13 21:14 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-13 11:59 Bug: git branch --unset-upstream command can nuke config when disk is full demerphq
2017-09-13 12:34 ` Jeff King
2017-09-13 13:38 ` demerphq
2017-09-13 14:17 ` Jeff King
2017-09-13 14:49 ` demerphq
2017-09-13 14:51 ` Jeff King
2017-09-13 15:18 ` demerphq
2017-09-13 15:22 ` Jeff King
2017-09-13 15:49 ` demerphq
2017-09-13 17:08 ` [PATCH 0/7] config.c may fail to notice some write() failures Jeff King
2017-09-13 17:11 ` [PATCH 1/7] config: avoid "write_in_full(fd, buf, len) < len" pattern Jeff King
2017-09-13 17:47 ` Jonathan Nieder
2017-09-13 17:53 ` Jeff King
2017-09-13 17:59 ` Jonathan Nieder
2017-09-13 18:11 ` Jeff King
2017-09-13 18:15 ` [PATCH v2] " Jeff King
2017-09-13 18:24 ` Jonathan Nieder
2017-09-13 18:58 ` Jeff King
2017-09-13 19:18 ` Jonathan Nieder
2017-09-13 19:49 ` Jonathan Nieder
2017-09-13 22:43 ` Ramsay Jones
2017-09-13 23:31 ` Ramsay Jones
2017-09-15 0:37 ` Jeff King
2017-09-15 15:15 ` Ramsay Jones
2017-09-13 21:33 ` Junio C Hamano
2017-09-13 17:11 ` [PATCH 2/7] get-tar-commit-id: check write_in_full() return against 0 Jeff King
2017-09-13 17:53 ` Jonathan Nieder
2017-09-13 18:02 ` Jeff King
2017-09-13 18:37 ` Jeff King
2017-09-13 21:09 ` Jonathan Nieder
2017-09-15 0:40 ` Jeff King
2017-09-13 17:16 ` [PATCH 3/7] avoid "write_in_full(fd, buf, len) != len" pattern Jeff King
2017-09-13 21:14 ` Jonathan Nieder [this message]
2017-09-15 0:42 ` Jeff King
2017-09-13 17:16 ` [PATCH 4/7] convert less-trivial versions of "write_in_full() != len" Jeff King
2017-09-13 21:16 ` Jonathan Nieder
2017-09-13 17:17 ` [PATCH 5/7] pkt-line: check write_in_full() errors against "< 0" Jeff King
2017-09-13 21:17 ` Jonathan Nieder
2017-09-13 17:17 ` [PATCH 6/7] notes-merge: use ssize_t for write_in_full() return value Jeff King
2017-09-13 21:20 ` Jonathan Nieder
2017-09-15 0:43 ` Jeff King
2017-09-13 17:17 ` [PATCH 7/7] config: flip return value of store_write_*() Jeff King
2017-09-13 21:25 ` Jonathan Nieder
2017-09-15 0:46 ` Jeff King
2017-09-13 18:47 ` [PATCH 8/7] read_pack_header: handle signed/unsigned comparison in read result Jeff King
2017-09-13 19:11 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170913211430.GK27425@aiede.mtv.corp.google.com \
--to=jrnieder@gmail.com \
--cc=avarab@gmail.com \
--cc=demerphq@gmail.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).