From: Taylor Blau <me@ttaylorr.com>
To: Derrick Stolee <derrickstolee@github.com>
Cc: Jeff King <peff@peff.net>,
git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>,
Abhradeep Chakraborty <chakrabortyabhradeep79@gmail.com>
Subject: Re: [PATCH 4/6] pack-bitmap.c: factor out manual `map_pos` manipulation
Date: Fri, 24 Mar 2023 19:13:16 -0400 [thread overview]
Message-ID: <ZB4ujCTiRgAmZaQo@nand.local> (raw)
In-Reply-To: <61ae4ad5-4d4d-933c-a2cb-e7e2cd734401@github.com>
On Fri, Mar 24, 2023 at 02:04:05PM -0400, Derrick Stolee wrote:
> The other alternative would be to use an enum instead of an arbitrary int.
> The compiler can warn to some extent, but it's not as helpful as a method
> name distinction.
Yeah, I think that another enum here just to distinguish between seeking
to an absolute position versus a relative one is probably overkill in
this instance.
> >> + if (bitmap_git->map_pos >= bitmap_git->map_size)
> >> + BUG("bitmap position exceeds size (%"PRIuMAX" >= %"PRIuMAX")",
> >> + (uintmax_t)bitmap_git->map_pos,
> >> + (uintmax_t)bitmap_git->map_size);
> >
> > This uses ">=", which is good, because it is valid to walk the pointer
> > to one past the end of the map, which is effectively EOF. But as above,
> > in that condition the callers should be checking for this EOF state
> > before reading the bytes.
>
> In other words, it would be too easy for a strange data shape to trigger
> this BUG() statement, which should be reserved for the most-extreme cases
> of developer mistake. Things like "this is an unacceptable 'whence' value"
> or "this should never be NULL" make sense, but this is too likely to be
> hit due to a runtime error.
> Would it make sense to return an 'int' instead of the size_t of map_pos?
> That way we could return in error if this is exceeded, and then all
> callers can respond "oh wait, that move would exceed the file size, so
> I should fail in my own way..."?
Works for me. I think bitmap_index_seek_to() would probably return the
error() itself, since I don't think it makes sense to require each
caller to come up with the same "bitmap position exceeds size" thing.
We want the message from that error() to appear regardless, but each
caller can decide what it wants to do in the presence of an error (e.g.,
continue on, propagate the error, abort the program, etc).
Something like this:
static int bitmap_index_seek_to(struct bitmap_index *bitmap_git, size_t pos)
{
bitmap_git->map_pos = pos;
if (bitmap_git->map_pos >= bitmap_git->map_size)
return error(_("bitmap position exceeds size "
"(%"PRIuMAX" >= %"PRIuMAX")"),
(uintmax_t)bitmap_git->map_pos,
(uintmax_t)bitmap_git->map_size);
return 0;
}
Thanks,
Taylor
next prev parent reply other threads:[~2023-03-24 23:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 20:02 [PATCH 0/6] pack-bitmap: miscellaneous mmap read hardening Taylor Blau
2023-03-20 20:02 ` [PATCH 1/6] pack-bitmap.c: hide bitmap internals in `read_u8()` Taylor Blau
2023-03-21 17:35 ` Jeff King
2023-03-24 17:52 ` Derrick Stolee
2023-03-20 20:02 ` [PATCH 2/6] pack-bitmap.c: hide bitmap internals in `read_be32()` Taylor Blau
2023-03-20 20:02 ` [PATCH 3/6] pack-bitmap.c: drop unnecessary 'inline's Taylor Blau
2023-03-21 17:40 ` Jeff King
2023-03-20 20:02 ` [PATCH 4/6] pack-bitmap.c: factor out manual `map_pos` manipulation Taylor Blau
2023-03-21 17:56 ` Jeff King
2023-03-24 18:04 ` Derrick Stolee
2023-03-24 18:29 ` Jeff King
2023-03-24 23:23 ` Taylor Blau
2023-03-25 4:57 ` Jeff King
2023-03-24 23:13 ` Taylor Blau [this message]
2023-03-24 23:24 ` Taylor Blau
2023-03-24 23:08 ` Taylor Blau
2023-03-20 20:02 ` [PATCH 5/6] pack-bitmap.c: use `bitmap_index_seek()` where possible Taylor Blau
2023-03-21 18:05 ` Jeff King
2023-03-24 18:06 ` Derrick Stolee
2023-03-24 18:35 ` Jeff King
2023-03-24 19:43 ` Junio C Hamano
2023-03-24 20:37 ` Jeff King
2023-03-24 21:38 ` Junio C Hamano
2023-03-24 22:57 ` Taylor Blau
2023-03-20 20:02 ` [PATCH 6/6] pack-bitmap.c: factor out `bitmap_index_seek_commit()` Taylor Blau
2023-03-21 18:13 ` Jeff King
2023-03-21 18:16 ` Taylor Blau
2023-03-21 18:27 ` Jeff King
2023-03-24 18:09 ` Derrick Stolee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZB4ujCTiRgAmZaQo@nand.local \
--to=me@ttaylorr.com \
--cc=chakrabortyabhradeep79@gmail.com \
--cc=derrickstolee@github.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).