From: Ramsay Jones <ramsay@ramsayjones.plus.com>
To: Jeff King <peff@peff.net>, git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH v2 5/5] index-pack: make pointer-alias fallbacks safer
Date: Thu, 16 Mar 2017 15:42:54 +0000 [thread overview]
Message-ID: <93f87c64-5752-06a2-9350-c867f8abe06a@ramsayjones.plus.com> (raw)
In-Reply-To: <20170316142720.377auysntqu7ozdz@sigill.intra.peff.net>
On 16/03/17 14:27, Jeff King wrote:
> The final() function accepts a NULL value for certain
> parameters, and falls back to writing into a reusable "name"
> buffer, and then either:
>
> 1. For "keep_name", requiring all uses to do "keep_name ?
> keep_name : name.buf". This is awkward, and it's easy
> to accidentally look at the maybe-NULL keep_name.
>
> 2. For "final_index_name" and "final_pack_name", aliasing
> those pointers to the "name" buffer. This is easier to
> use, but the aliased pointers become invalid after the
> buffer is reused (this isn't a bug now, but it's a
> potential pitfall).
>
> One way to make this safer would be to introduce an extra
> pointer to do the aliasing, and have its lifetime match the
> validity of the "name" buffer. But it's still easy to
> accidentally use the wrong name (i.e., to use
> "final_pack_name" instead of the aliased pointer).
>
> Instead, let's use three separate buffers that will remain
> valid through the function. That makes it safe to alias the
> pointers and use them consistently. The extra allocations
> shouldn't matter, as this function is not performance
> sensitive.
>
> Signed-off-by: Jeff King <peff@peff.net>
> ---
> builtin/index-pack.c | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/builtin/index-pack.c b/builtin/index-pack.c
> index dcb346ab7..88d205f85 100644
> --- a/builtin/index-pack.c
> +++ b/builtin/index-pack.c
> @@ -1386,7 +1386,9 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
> unsigned char *sha1)
> {
> const char *report = "pack";
> - struct strbuf name = STRBUF_INIT;
> + struct strbuf pack_name = STRBUF_INIT;
> + struct strbuf index_name = STRBUF_INIT;
> + struct strbuf keep_name_buf = STRBUF_INIT;
> int err;
>
> if (!from_stdin) {
> @@ -1402,13 +1404,13 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
> int keep_fd, keep_msg_len = strlen(keep_msg);
>
> if (!keep_name)
> - odb_pack_name(&name, sha1, "keep");
> + keep_name = odb_pack_name(&keep_name_buf, sha1, "keep");
>
> - keep_fd = odb_pack_keep(keep_name ? keep_name : name.buf);
> + keep_fd = odb_pack_keep(keep_name);
> if (keep_fd < 0) {
> if (errno != EEXIST)
> die_errno(_("cannot write keep file '%s'"),
> - keep_name ? keep_name : name.buf);
> + keep_name);
> } else {
> if (keep_msg_len > 0) {
> write_or_die(keep_fd, keep_msg, keep_msg_len);
> @@ -1416,14 +1418,14 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
> }
> if (close(keep_fd) != 0)
> die_errno(_("cannot close written keep file '%s'"),
> - keep_name ? keep_name : name.buf);
> + keep_name);
> report = "keep";
> }
> }
>
> if (final_pack_name != curr_pack_name) {
> if (!final_pack_name)
> - final_pack_name = odb_pack_name(&name, sha1, "pack");
> + final_pack_name = odb_pack_name(&pack_name, sha1, "pack");
> if (finalize_object_file(curr_pack_name, final_pack_name))
> die(_("cannot store pack file"));
> } else if (from_stdin)
> @@ -1431,7 +1433,7 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
>
> if (final_index_name != curr_index_name) {
> if (!final_index_name)
> - final_index_name = odb_pack_name(&name, sha1, "idx");
> + final_index_name = odb_pack_name(&index_name, sha1, "idx");
> if (finalize_object_file(curr_index_name, final_index_name))
> die(_("cannot store index file"));
> } else
> @@ -1458,7 +1460,9 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
> }
> }
>
> - strbuf_release(&name);
> + strbuf_release(&index_name);
> + strbuf_release(&pack_name);
> + strbuf_release(&keep_name_buf);
> }
>
> static int git_index_pack_config(const char *k, const char *v, void *cb)
>
Yep, much better.
ATB,
Ramsay Jones
prev parent reply other threads:[~2017-03-16 15:43 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 21:26 [PATCH 0/6] minor pack-name cleanups Jeff King
2017-03-15 21:27 ` [PATCH 1/6] index-pack: factor out pack/idx finalization Jeff King
2017-03-15 22:03 ` Ramsay Jones
2017-03-15 22:22 ` Jeff King
2017-03-15 22:30 ` Jeff King
2017-03-15 21:27 ` [PATCH 2/6] move odb_* declarations out of git-compat-util.h Jeff King
2017-03-15 21:28 ` [PATCH 3/6] sha1_file.c: make pack-name helper globally accessible Jeff King
2017-03-15 21:28 ` [PATCH 4/6] index-pack: drop fixed-size buffer for pack filenames Jeff King
2017-03-15 21:29 ` [PATCH 5/6] fast-import: replace fixed buffer with odb_pack_name Jeff King
2017-03-15 21:30 ` [PATCH 6/6] odb_pack_keep(): stop generating keepfile name Jeff King
2017-03-16 1:24 ` Junio C Hamano
2017-03-16 14:26 ` [PATCH v2 0/5] minor pack-name cleanups Jeff King
2017-03-16 14:27 ` [PATCH v2 1/5] move odb_* declarations out of git-compat-util.h Jeff King
2017-03-16 14:27 ` [PATCH v2 2/5] sha1_file.c: make pack-name helper globally accessible Jeff King
2017-03-16 14:31 ` Jeff King
2017-03-16 17:03 ` Ramsay Jones
2017-03-16 17:40 ` Jeff King
2017-03-16 14:27 ` [PATCH v2 3/5] odb_pack_keep(): stop generating keepfile name Jeff King
2017-03-16 14:27 ` [PATCH v2 4/5] replace snprintf with odb_pack_name() Jeff King
2017-03-16 15:37 ` Ramsay Jones
2017-03-16 18:33 ` Junio C Hamano
2017-03-16 18:34 ` Jeff King
2017-03-16 18:57 ` Junio C Hamano
2017-03-16 14:27 ` [PATCH v2 5/5] index-pack: make pointer-alias fallbacks safer Jeff King
2017-03-16 15:42 ` Ramsay Jones [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93f87c64-5752-06a2-9350-c867f8abe06a@ramsayjones.plus.com \
--to=ramsay@ramsayjones.plus.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).