From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: git@vger.kernel.org, Jeff King <peff@peff.net>,
Junio C Hamano <gitster@pobox.com>,
"Miriam R." <mirucam@gmail.com>
Subject: Re: [PATCH] run-command: avoid undefined behavior in exists_in_PATH
Date: Tue, 7 Jan 2020 02:16:11 +0000 [thread overview]
Message-ID: <20200107021611.GK6570@camp.crustytoothpaste.net> (raw)
In-Reply-To: <20200107020425.GG92456@google.com>
[-- Attachment #1: Type: text/plain, Size: 1905 bytes --]
On 2020-01-07 at 02:04:25, Jonathan Nieder wrote:
> brian m. carlson wrote:
>
> > In this function, we free the pointer we get from locate_in_PATH and
> > then check whether it's NULL. However, this is undefined behavior if
> > the pointer is non-NULL, since the C standard no longer permits us to
> > use a valid pointer after freeing it.
> [...]
> > Noticed-by: Miriam R. <mirucam@gmail.com>
> > Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
> > ---
> > run-command.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
>
> This API that forces the caller to deal with the allocated result when
> they never asked for it seems a bit inconvenient. Should we clean it up
> a little? Something like this (on top):
>
> -- >8 --
> Subject: run-command: let caller pass in buffer to locate_in_PATH
>
> Instead of returning a buffer that the caller is responsible for
> freeing, use a strbuf output parameter to record the path to the
> searched-for program.
>
> This makes ownership a little easier to reason about, since the owning
> code declares the buffer. It's a good habit to follow because it
> allows buffer reuse when calling such a function in a loop.
>
> It also allows the caller exists_in_PATH that does not care about the
> path to the command to be slightly simplified, by allowing a NULL
> output parameter that means that locate_in_PATH should take care of
> allocating and freeing its temporary buffer.
Sure, I think this is a nice improvement. The user can reuse the buffer
in a loop if they want by resetting it, which as you point out would be
convenient (and potentially more efficient). And we're already using
one internally, so there's no reason not to just pass one in.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 868 bytes --]
next prev parent reply other threads:[~2020-01-07 2:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-07 1:36 [PATCH] run-command: avoid undefined behavior in exists_in_PATH brian m. carlson
2020-01-07 2:04 ` Jonathan Nieder
2020-01-07 2:16 ` brian m. carlson [this message]
2020-01-07 3:40 ` Bryan Turner
2020-01-07 3:41 ` Bryan Turner
2020-01-07 11:08 ` Jeff King
2020-01-07 11:01 ` Jeff King
2020-01-07 16:58 ` Junio C Hamano
2020-01-08 2:47 ` brian m. carlson
2020-01-08 9:15 ` Miriam R.
2020-01-08 10:28 ` Christian Couder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200107021611.GK6570@camp.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jrnieder@gmail.com \
--cc=mirucam@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).