git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / Atom feed
* [PATCH] diff: ensure correct lifetime of external_diff_cmd
@ 2019-01-09 22:10 Kim Gybels
  2019-01-09 23:10 ` Eric Sunshine
  2019-01-11 20:26 ` [PATCH v2] " Kim Gybels
  0 siblings, 2 replies; 6+ messages in thread
From: Kim Gybels @ 2019-01-09 22:10 UTC (permalink / raw)
  To: git
  Cc: Junio C Hamano, Johannes Schindelin, Karsten Blees,
	Johannes Sixt, Kim Gybels

According to getenv(3)'s notes:

    The implementation of getenv() is not required to be reentrant.  The
    string pointed to by the return value of getenv() may be statically
    allocated, and can be modified by a subsequent call to getenv(),
    putenv(3), setenv(3), or unsetenv(3).

Since strings returned by getenv() are allowed to change on subsequent
calls to getenv(), make sure to duplicate when caching external_diff_cmd
from environment.

This problem becomes apparent on Git for Windows since fe21c6b285df
(mingw: reencode environment variables on the fly (UTF-16 <-> UTF-8)),
when the getenv() implementation provided in compat/mingw.c was changed
to keep a certain amount of alloc'ed strings and freeing them on
subsequent calls.

This fixes https://github.com/git-for-windows/git/issues/2007:

    $ yes n | git -c difftool.prompt=yes difftool fe21c6b285df fe21c6b285df~100

    Viewing (1/404): '.gitignore'
    Launch 'bc3' [Y/n]?
    Viewing (2/404): 'Documentation/.gitignore'
    Launch 'bc3' [Y/n]?
    Viewing (3/404): 'Documentation/Makefile'
    Launch 'bc3' [Y/n]?
    Viewing (4/404): 'Documentation/RelNotes/2.14.5.txt'
    Launch 'bc3' [Y/n]?
    Viewing (5/404): 'Documentation/RelNotes/2.15.3.txt'
    Launch 'bc3' [Y/n]?
    Viewing (6/404): 'Documentation/RelNotes/2.16.5.txt'
    Launch 'bc3' [Y/n]?
    Viewing (7/404): 'Documentation/RelNotes/2.17.2.txt'
    Launch 'bc3' [Y/n]?
    Viewing (8/404): 'Documentation/RelNotes/2.18.1.txt'
    Launch 'bc3' [Y/n]?
    Viewing (9/404): 'Documentation/RelNotes/2.19.0.txt'
    Launch 'bc3' [Y/n]? error: cannot spawn ¦?: No such file or directory
    fatal: external diff died, stopping at Documentation/RelNotes/2.19.1.txt

Signed-off-by: Kim Gybels <kgybels@infogroep.be>
---
 diff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/diff.c b/diff.c
index dc9965e836..f69687e288 100644
--- a/diff.c
+++ b/diff.c
@@ -492,6 +492,9 @@ static const char *external_diff(void)
 	external_diff_cmd = getenv("GIT_EXTERNAL_DIFF");
 	if (!external_diff_cmd)
 		external_diff_cmd = external_diff_cmd_cfg;
+	else
+		external_diff_cmd = xstrdup(external_diff_cmd);
+
 	done_preparing = 1;
 	return external_diff_cmd;
 }
-- 
2.20.1.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] diff: ensure correct lifetime of external_diff_cmd
  2019-01-09 22:10 [PATCH] diff: ensure correct lifetime of external_diff_cmd Kim Gybels
@ 2019-01-09 23:10 ` Eric Sunshine
  2019-01-10 15:47   ` Johannes Schindelin
  2019-01-10 18:27   ` Junio C Hamano
  2019-01-11 20:26 ` [PATCH v2] " Kim Gybels
  1 sibling, 2 replies; 6+ messages in thread
From: Eric Sunshine @ 2019-01-09 23:10 UTC (permalink / raw)
  To: Kim Gybels
  Cc: Git List, Junio C Hamano, Johannes Schindelin, Karsten Blees,
	Johannes Sixt

On Wed, Jan 9, 2019 at 5:19 PM Kim Gybels <kgybels@infogroep.be> wrote:
> According to getenv(3)'s notes:
> [...]
> Since strings returned by getenv() are allowed to change on subsequent
> calls to getenv(), make sure to duplicate when caching external_diff_cmd
> from environment.
> [...]
> Signed-off-by: Kim Gybels <kgybels@infogroep.be>
> ---
> diff --git a/diff.c b/diff.c
> @@ -492,6 +492,9 @@ static const char *external_diff(void)
>         external_diff_cmd = getenv("GIT_EXTERNAL_DIFF");
>         if (!external_diff_cmd)
>                 external_diff_cmd = external_diff_cmd_cfg;
> +       else
> +               external_diff_cmd = xstrdup(external_diff_cmd);

Make sense.

Not shown in the context is that 'external_diff_cmd' is static, so
this is not (in the traditional sense) leaking the dup'd string.

I do find that the logic is obscured by doing the xstrdup() in the
'else' arm; it would be easier to grok if the condition was reversed
and xstrdup() done in the 'then' arm.

However, you might also consider using xstrdup_or_null(), like this:

    external_diff_cmd = xstrdup_or_null(getenv(...));
    if (!external_diff_cmd)
        ...as before...

>         done_preparing = 1;
>         return external_diff_cmd;
>  }

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] diff: ensure correct lifetime of external_diff_cmd
  2019-01-09 23:10 ` Eric Sunshine
@ 2019-01-10 15:47   ` Johannes Schindelin
  2019-01-10 18:27   ` Junio C Hamano
  1 sibling, 0 replies; 6+ messages in thread
From: Johannes Schindelin @ 2019-01-10 15:47 UTC (permalink / raw)
  To: Eric Sunshine
  Cc: Kim Gybels, Git List, Junio C Hamano, Karsten Blees, Johannes Sixt

Hi,

On Wed, 9 Jan 2019, Eric Sunshine wrote:

> On Wed, Jan 9, 2019 at 5:19 PM Kim Gybels <kgybels@infogroep.be> wrote:
> > According to getenv(3)'s notes:
> > [...]
> > Since strings returned by getenv() are allowed to change on subsequent
> > calls to getenv(), make sure to duplicate when caching external_diff_cmd
> > from environment.
> > [...]
> > Signed-off-by: Kim Gybels <kgybels@infogroep.be>
> > ---
> > diff --git a/diff.c b/diff.c
> > @@ -492,6 +492,9 @@ static const char *external_diff(void)
> >         external_diff_cmd = getenv("GIT_EXTERNAL_DIFF");
> >         if (!external_diff_cmd)
> >                 external_diff_cmd = external_diff_cmd_cfg;
> > +       else
> > +               external_diff_cmd = xstrdup(external_diff_cmd);
> 
> Make sense.
> 
> Not shown in the context is that 'external_diff_cmd' is static, so
> this is not (in the traditional sense) leaking the dup'd string.

Ah! And that also explains why we do not need to take care of releasing
the memory via `free()` (which is what I was wondering about).

> I do find that the logic is obscured by doing the xstrdup() in the
> 'else' arm; it would be easier to grok if the condition was reversed and
> xstrdup() done in the 'then' arm.
> 
> However, you might also consider using xstrdup_or_null(), like this:
> 
>     external_diff_cmd = xstrdup_or_null(getenv(...));
>     if (!external_diff_cmd)
>         ...as before...
> 
> >         done_preparing = 1;
> >         return external_diff_cmd;
> >  }

I like this version slightly better, too.

Thanks for diagnosing and fixing this annoying bug!
Dscho

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] diff: ensure correct lifetime of external_diff_cmd
  2019-01-09 23:10 ` Eric Sunshine
  2019-01-10 15:47   ` Johannes Schindelin
@ 2019-01-10 18:27   ` Junio C Hamano
  1 sibling, 0 replies; 6+ messages in thread
From: Junio C Hamano @ 2019-01-10 18:27 UTC (permalink / raw)
  To: Eric Sunshine
  Cc: Kim Gybels, Git List, Johannes Schindelin, Karsten Blees, Johannes Sixt

Eric Sunshine <sunshine@sunshineco.com> writes:

> However, you might also consider using xstrdup_or_null(), like this:
>
>     external_diff_cmd = xstrdup_or_null(getenv(...));
>     if (!external_diff_cmd)
>         ...as before...
>
>>         done_preparing = 1;
>>         return external_diff_cmd;
>>  }

Looks good.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v2] diff: ensure correct lifetime of external_diff_cmd
  2019-01-09 22:10 [PATCH] diff: ensure correct lifetime of external_diff_cmd Kim Gybels
  2019-01-09 23:10 ` Eric Sunshine
@ 2019-01-11 20:26 ` " Kim Gybels
  2019-01-12  2:44   ` Junio C Hamano
  1 sibling, 1 reply; 6+ messages in thread
From: Kim Gybels @ 2019-01-11 20:26 UTC (permalink / raw)
  To: git
  Cc: Eric Sunshine, Junio C Hamano, Johannes Schindelin,
	Karsten Blees, Johannes Sixt, Kim Gybels

According to getenv(3)'s notes:

    The implementation of getenv() is not required to be reentrant.  The
    string pointed to by the return value of getenv() may be statically
    allocated, and can be modified by a subsequent call to getenv(),
    putenv(3), setenv(3), or unsetenv(3).

Since strings returned by getenv() are allowed to change on subsequent
calls to getenv(), make sure to duplicate when caching external_diff_cmd
from environment.

This problem becomes apparent on Git for Windows since fe21c6b285df
(mingw: reencode environment variables on the fly (UTF-16 <-> UTF-8)),
when the getenv() implementation provided in compat/mingw.c was changed
to keep a certain amount of alloc'ed strings and freeing them on
subsequent calls.

This fixes https://github.com/git-for-windows/git/issues/2007:

    $ yes n | git -c difftool.prompt=yes difftool fe21c6b285df fe21c6b285df~100

    Viewing (1/404): '.gitignore'
    Launch 'bc3' [Y/n]?
    Viewing (2/404): 'Documentation/.gitignore'
    Launch 'bc3' [Y/n]?
    Viewing (3/404): 'Documentation/Makefile'
    Launch 'bc3' [Y/n]?
    Viewing (4/404): 'Documentation/RelNotes/2.14.5.txt'
    Launch 'bc3' [Y/n]?
    Viewing (5/404): 'Documentation/RelNotes/2.15.3.txt'
    Launch 'bc3' [Y/n]?
    Viewing (6/404): 'Documentation/RelNotes/2.16.5.txt'
    Launch 'bc3' [Y/n]?
    Viewing (7/404): 'Documentation/RelNotes/2.17.2.txt'
    Launch 'bc3' [Y/n]?
    Viewing (8/404): 'Documentation/RelNotes/2.18.1.txt'
    Launch 'bc3' [Y/n]?
    Viewing (9/404): 'Documentation/RelNotes/2.19.0.txt'
    Launch 'bc3' [Y/n]? error: cannot spawn ¦?: No such file or directory
    fatal: external diff died, stopping at Documentation/RelNotes/2.19.1.txt

Signed-off-by: Kim Gybels <kgybels@infogroep.be>
---

Uses xstrdup_or_null as suggested by Eric Sunshine.

 diff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/diff.c b/diff.c
index dc9965e836..5634992bbc 100644
--- a/diff.c
+++ b/diff.c
@@ -487,11 +487,11 @@ static const char *external_diff(void)
 	static const char *external_diff_cmd = NULL;
 	static int done_preparing = 0;
 
 	if (done_preparing)
 		return external_diff_cmd;
-	external_diff_cmd = getenv("GIT_EXTERNAL_DIFF");
+	external_diff_cmd = xstrdup_or_null(getenv("GIT_EXTERNAL_DIFF"));
 	if (!external_diff_cmd)
 		external_diff_cmd = external_diff_cmd_cfg;
 	done_preparing = 1;
 	return external_diff_cmd;
 }
-- 
2.20.1.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2] diff: ensure correct lifetime of external_diff_cmd
  2019-01-11 20:26 ` [PATCH v2] " Kim Gybels
@ 2019-01-12  2:44   ` Junio C Hamano
  0 siblings, 0 replies; 6+ messages in thread
From: Junio C Hamano @ 2019-01-12  2:44 UTC (permalink / raw)
  To: Kim Gybels
  Cc: git, Eric Sunshine, Johannes Schindelin, Karsten Blees, Johannes Sixt

Kim Gybels <kgybels@infogroep.be> writes:

> According to getenv(3)'s notes:
>
>     The implementation of getenv() is not required to be reentrant.  The
>     string pointed to by the return value of getenv() may be statically
>     allocated, and can be modified by a subsequent call to getenv(),
>     putenv(3), setenv(3), or unsetenv(3).
> ...
> Signed-off-by: Kim Gybels <kgybels@infogroep.be>
> ---

Thanks, looking good.

Will queue.

>
> Uses xstrdup_or_null as suggested by Eric Sunshine.
>
>  diff.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/diff.c b/diff.c
> index dc9965e836..5634992bbc 100644
> --- a/diff.c
> +++ b/diff.c
> @@ -487,11 +487,11 @@ static const char *external_diff(void)
>  	static const char *external_diff_cmd = NULL;
>  	static int done_preparing = 0;
>  
>  	if (done_preparing)
>  		return external_diff_cmd;
> -	external_diff_cmd = getenv("GIT_EXTERNAL_DIFF");
> +	external_diff_cmd = xstrdup_or_null(getenv("GIT_EXTERNAL_DIFF"));
>  	if (!external_diff_cmd)
>  		external_diff_cmd = external_diff_cmd_cfg;
>  	done_preparing = 1;
>  	return external_diff_cmd;
>  }

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-09 22:10 [PATCH] diff: ensure correct lifetime of external_diff_cmd Kim Gybels
2019-01-09 23:10 ` Eric Sunshine
2019-01-10 15:47   ` Johannes Schindelin
2019-01-10 18:27   ` Junio C Hamano
2019-01-11 20:26 ` [PATCH v2] " Kim Gybels
2019-01-12  2:44   ` Junio C Hamano

git@vger.kernel.org list mirror (unofficial, one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.org/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/
       or Tor2web: https://www.tor2web.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox