From: Junio C Hamano
To: "John Cai via GitGitGadget"
Cc: git@vger.kernel.org, John Cai
Subject: Re: [PATCH v4] receive-pack.c: consolidate find header logic
Date: Wed, 05 Jan 2022 12:10:34 -0800
In-Reply-To: (John Cai via GitGitGadget's message of "Wed, 05 Jan 2022 15:21:37 +0000")

"John Cai via GitGitGadget" writes:

> Changes since v4:
>
> * added NEEDSWORK block detailing what needs to be done to clean up
> find_header_mem
> ...
> - while (line) {
> ++ /*
> ++ * NEEDSWORK: Between line[0] and msg[len], there may not be a LF nor NUL
> ++ * at all, and strchrnul() will scan beyond the range we were given
> ++ * Make this operation safer and abide by the contract to only read up to len.
> ++ */

This sounds unnecessarily alarming. Can't we also explain that the current callers are safe?
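
Review bot: the NEEDSWORK comment added before `while (line)` says strchrnul() "will scan beyond the range we were given" without saying when that can happen in practice. It should state what the existing callers guarantee about the buffer between line[0] and msg[len] (whether a LF or NUL is always within reach), so the remaining work reads as hardening of the contract rather than as a live out-of-bounds read. The first sentence is also missing its period after "given", which makes it run into "Make this operation safer".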