From: Jeff King <peff@peff.net>
To: Taylor Blau <me@ttaylorr.com>
Cc: git@vger.kernel.org, emilyshaffer@google.com
Subject: Re: [PATCH v2] builtin/bugreport.c: use thread-safe localtime_r()
Date: Mon, 30 Nov 2020 21:27:35 -0500
Message-ID: <X8WqFynk23yWT6E3@coredump.intra.peff.net>
In-Reply-To: <73eb4965807ea2fdf94f815a8f8a2b036296ecca.1606782566.git.me@ttaylorr.com>

On Mon, Nov 30, 2020 at 07:30:06PM -0500, Taylor Blau wrote:

> @@ -147,7 +148,7 @@ int cmd_bugreport(int argc, const char **argv, const char *prefix)
>  	strbuf_complete(&report_path, '/');
> 
>  	strbuf_addstr(&report_path, "git-bugreport-");
> -	strbuf_addftime(&report_path, option_suffix, localtime(&now), 0, 0);
> +	strbuf_addftime(&report_path, option_suffix, localtime_r(&now, &tm), 0, 0);
>  	strbuf_addstr(&report_path, ".txt");
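
Review bot: On the changed line the return value of localtime_r(&now, &tm) is passed straight to strbuf_addftime() with no NULL check, as it was with localtime(). localtime_r() can fail and return NULL, so consider doing the conversion on its own line, checking the result, and then passing &tm.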

I briefly wondered if we'd want a strbuf_addftime() variant that just
takes a time_t. But the choice of localtime vs gmtime makes this
awkward, not to mention the gymnastics we do in show_date() to get
things into the author's zone. So this looks good to me.

We might also want to do this on top:

-- >8 --
Subject: [PATCH] banned.h: mark non-reentrant gmtime, etc as banned

The traditional gmtime(), localtime(), ctime(), and asctime() functions
return pointers to shared storage. This means they're not thread-safe,
and they also run the risk of somebody holding onto the result across
multiple calls (where each call invalidates the previous result).

All callers should be using gmtime_r() or localtime_r() instead.

The ctime_r() and asctime_r() functions are OK in that respect, but have
no check that the buffer we pass in is long enough (the manpage says it
"should have room for at least 26 bytes"). Since this is such an
easy-to-get-wrong interface, and since we have the much safer strftime()
as well as its more convenient strbuf_addftime() wrapper, let's likewise
ban both of those.

Signed-off-by: Jeff King <peff@peff.net>
---
TBH, ctime() and its variants are so awful that I doubt anybody would
try to use them, but it doesn't hurt to err on the side of caution.

 banned.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/banned.h b/banned.h
index 60a18d4403..7ab4f2e492 100644
--- a/banned.h
+++ b/banned.h
@@ -29,4 +29,17 @@
 #define vsprintf(buf,fmt,arg) BANNED(vsprintf)
 #endif
 
+#undef gmtime
+#define gmtime(t) BANNED(gmtime)
+#undef localtime
+#define localtime(t) BANNED(localtime)
+#undef ctime
+#define ctime(t) BANNED(ctime)
+#undef ctime_r
+#define ctime_r(t, buf) BANNED(ctime_r)
+#undef asctime
+#define asctime(t) BANNED(asctime)
+#undef asctime_r
+#define asctime_r(t, buf) BANNED(asctime_r)
+
 #endif /* BANNED_H */
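
Review bot: The six new entries after the vsprintf block carry no comment saying why they are banned or what to call instead, and they mix two different reasons: gmtime(), localtime(), ctime() and asctime() for shared storage, ctime_r() and asctime_r() for the unchecked buffer length. A short comment above each group naming the replacement (gmtime_r()/localtime_r(), strftime() or strbuf_addftime()) would tell someone who trips BANNED(ctime_r) what to do without reading the log. Since these are function-like macros, they also only catch uses written as a call, name(...).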
-- 
2.29.2.853.g04e16501f9
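
The shared-storage hazard described in the commit message above, next to the reentrant and size-checked replacements it recommends, as an added example (not code from the patch or from git). The timestamps and function names are constructed for illustration, and the stale-pointer result assumes a libc that reuses one static struct tm (glibc and musl do).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <time.h>

/* Constructed sample timestamps (UTC midnight). */
static const time_t T_A = 1606780800; /* 2020-12-01 */
static const time_t T_B = 1638316800; /* 2021-12-01 */

/* Hazard: gmtime() hands back shared storage, so on common libcs the
 * second call overwrites what the first pointer refers to. */
int year_via_stale_pointer(void)
{
	struct tm *first = gmtime(&T_A);
	struct tm *second = gmtime(&T_B);
	(void)second;
	return first ? first->tm_year + 1900 : -1;
}

/* Reentrant form: each result lives in caller-owned storage. */
int year_via_gmtime_r(void)
{
	struct tm a, b;
	if (!gmtime_r(&T_A, &a) || !gmtime_r(&T_B, &b))
		return -1;
	return a.tm_year + 1900;
}

/* strftime() is told the buffer size (ctime_r()/asctime_r() are not)
 * and returns 0 when the formatted time does not fit. */
size_t format_utc(time_t t, char *buf, size_t len)
{
	struct tm tm;
	if (!gmtime_r(&t, &tm))
		return 0;
	return strftime(buf, len, "%Y-%m-%d %H:%M:%S", &tm);
}

int main(void)
{
	char ok[20], small[8];

	printf("stale pointer: %d\n", year_via_stale_pointer());
	printf("gmtime_r:      %d\n", year_via_gmtime_r());
	printf("fits: %zu, too small: %zu\n",
	       format_utc(T_A, ok, sizeof(ok)),
	       format_utc(T_A, small, sizeof(small)));
	return 0;
}
```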

