From: Jeff King <peff@peff.net>
To: "Σταύρος Ντέντος" <stdedos@gmail.com>
Cc: git <git@vger.kernel.org>,
"Σταύρος Ντέντος" <stdedos+git@gmail.com>,
"Junio C Hamano" <gitster@pobox.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Stavros Ntentos" <133706+stdedos@users.noreply.github.com>
Subject: Re: [RFC PATCH v1 1/2] pathspec: warn: long and short forms are incompatible
Date: Fri, 26 Mar 2021 01:28:31 -0400 [thread overview]
Message-ID: <YF1w/xKbozpQn7Vf@coredump.intra.peff.net> (raw)
In-Reply-To: <20210326024005.26962-2-stdedos+git@gmail.com>
On Fri, Mar 26, 2021 at 04:40:04AM +0200, Σταύρος Ντέντος wrote:
> +void check_mishandled_exclude(const char *entry) {
> + size_t entry_len = strlen(entry);
> + char flags[entry_len];
> + char path[entry_len];
We avoid using variable-length arrays in our codebase. For one thing,
they were not historically supported by all platforms (we are slowly
using more C99 features, but we are introducing them slowly and
intentionally).
But two, they are limited in size and the failure mode is not graceful.
If "entry" is larger than the available stack, then we'll get a segfault
with no option to handle it better.
> + if (sscanf(entry, ":!(%4096[^)])%4096s", &flags, &path) != 2) {
> + return;
We also generally avoid using scanf, because it's error-prone. The
"4096" is scary here, but I don't _think_ it's a buffer overflow,
because "path" is already the same size as "entry" (not including the
NUL terminator, but that is negated by the fact that we'll have skipped
at least ":!").
Is this "%4096[^)]" actually valid? I don't think scanf understands
regular expressions.
We'd want to avoid making an extra copy of the string anyway. So you'd
probably want to just parse left-to-right in the original string, like:
const char *p = entry;
/* skip past stuff we know must be there */
if (!skip_prefix(p, ":!(", &p))
return;
/* this checks count_slashes() > 0 in the flags section, though I'm
* not sure I understand what that is looking for... */
for (; *p && *p != ')'; p++) {
if (*p == '/')
return;
}
if (*p++ != ')')
return;
/* now p is pointing at "path", though we don't seem to do anything
* with it... */
-Peff
next prev parent reply other threads:[~2021-03-26 5:30 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-26 20:44 Pathspec does not accept / does not warn for specific pathspecs Σταύρος Ντέντος
2021-02-26 23:27 ` Junio C Hamano
2021-03-25 10:22 ` [PATCH v1 0/1] pathspec: warn for a no-glob entry that contains `**` Σταύρος Ντέντος
2021-03-25 10:22 ` [PATCH v1 1/1] " Σταύρος Ντέντος
2021-03-25 11:00 ` Bagas Sanjaya
2021-03-25 11:04 ` Bagas Sanjaya
2021-03-25 16:09 ` Stavros Ntentos
2021-03-25 20:09 ` Junio C Hamano
2021-03-25 23:36 ` [PATCH v2 0/1] " Σταύρος Ντέντος
2021-03-25 23:36 ` [PATCH v2 1/1] " Σταύρος Ντέντος
2021-03-26 0:41 ` Junio C Hamano
2021-03-26 1:32 ` Eric Sunshine
2021-03-26 3:02 ` Junio C Hamano
2021-03-26 5:13 ` Jeff King
2021-03-26 15:43 ` Stavros Ntentos
2021-03-26 15:48 ` [PATCH v3 1/2] " Stavros Ntentos
2021-03-26 15:48 ` [PATCH v3 2/2] pathspec: convert no-glob warn to advice Stavros Ntentos
2021-03-26 2:40 ` [RFC PATCH v1 0/1] pathspec: warn: long and short forms are incompatible Σταύρος Ντέντος
2021-03-26 2:40 ` [RFC PATCH v1 1/2] " Σταύρος Ντέντος
2021-03-26 5:28 ` Jeff King [this message]
2021-03-26 16:16 ` Stavros Ntentos
2021-03-27 9:41 ` Jeff King
2021-03-27 18:36 ` Junio C Hamano
2021-03-28 15:44 ` Stavros Ntentos
2021-03-26 2:40 ` [RFC PATCH v1 2/2] fixup! " Σταύρος Ντέντος
2021-03-26 8:14 ` Bagas Sanjaya
2021-03-26 15:55 ` Stavros Ntentos
2021-03-28 15:26 ` [RFC PATCH v1 3/3] squash! " Stavros Ntentos
2021-03-26 2:44 ` [RFC PATCH v1 0/1] " Σταύρος Ντέντος
2021-03-26 2:44 ` [RFC PATCH v1] " Σταύρος Ντέντος
2021-04-03 12:26 ` [PATCH v3] pathspec: advice: " Stavros Ntentos
2021-04-04 7:19 ` Junio C Hamano
2021-04-11 15:07 ` Σταύρος Ντέντος
2021-04-11 19:10 ` Junio C Hamano
2021-04-11 20:53 ` Σταύρος Ντέντος
2021-03-28 15:45 ` [PATCH v2] " Stavros Ntentos
2021-03-28 19:12 ` Junio C Hamano
2021-03-30 17:37 ` Junio C Hamano
2021-03-30 19:05 ` Stavros Ntentos
2021-03-30 19:17 ` Stavros Ntentos
2021-03-30 20:36 ` Junio C Hamano
2021-04-03 12:48 ` [PATCH v3] " Stavros Ntentos
2021-04-03 12:51 ` [PATCH v4] " Stavros Ntentos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YF1w/xKbozpQn7Vf@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=133706+stdedos@users.noreply.github.com \
--cc=bagasdotme@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=stdedos+git@gmail.com \
--cc=stdedos@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).