From: Junio C Hamano <gitster@pobox.com>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
git@vger.kernel.org, hi-angel@yandex.ru, peff@peff.net,
ramsay@ramsayjones.plus.com, sunshine@sunshineco.com
Subject: Re: [PATCH v5 1/1] worktree add: sanitize worktree names
Date: Tue, 12 Mar 2019 15:45:43 +0900 [thread overview]
Message-ID: <xmqqzhq0h9pk.fsf@gitster-ct.c.googlers.com> (raw)
In-Reply-To: <nycvar.QRO.7.76.6.1903111401220.41@tvgsbejvaqbjf.bet> (Johannes Schindelin's message of "Mon, 11 Mar 2019 14:05:32 +0100 (STD)")
Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:
>> +static int check_refname_component(const char *refname, int *flags,
>> + struct strbuf *sanitized)
>> {
>> const char *cp;
>> char last = '\0';
>> + size_t component_start;
>
> This variable is uninitialized. It is then...
>
>> +
>> + if (sanitized)
>> + component_start = sanitized->len;
>
> ... initialized only when `sanitized` is not `NULL`, and subsequently...
> ...
>> + if (refname[0] == '.') { /* Component starts with '.'. */
>> + if (sanitized)
>> + sanitized->buf[component_start] = '-';
> ...
> ... used a loooooooong time after that, also only if `sanitized` is not
> `NULL`.
>
> Apparently for some GCC versions, this is too cute, and it complains that
It does require humans (well, at least it did to this one) to be
careful when reading the code to know that component_start is valid
when it is used.
There unfortunately is no good "default" value to initialize the
variable to. When checking a later component in a series of
components, it would be looking at non-zero position, so even
initializing it to 0 in this function is *not* a more sensible
fallback default value than any other random garbage value (which
would squelch the compiler, but it would mislead the humans
nevertheless).
And that (i.e. the lack of any sensible default value when sanitized
is NULL) is the reason why the variable is left uninitialized by the
patch, I think. I do not think the code is trying to be cute at
all.
I wonder if we make the caller pass a pointer to
struct {
struct strbuf result;
size_t component_start;
} sanitized;
sanitized.component_start = sanitized.result.len
check_refname_component(refname, flags, &sanitized);
and get rid of the assignment to component_start done by the callee,
it would appease compilers and makes the code easier to vet. It does
introduce one more ad-hoc type, which is a certain downside.
I dunno.
prev parent reply other threads:[~2019-03-12 6:45 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-18 14:36 git gc fails with "unable to resolve reference" for worktree hi-angel
2019-02-18 15:02 ` Duy Nguyen
2019-02-18 15:09 ` hi-angel
2019-02-18 15:18 ` Duy Nguyen
2019-02-20 14:34 ` hi-angel
2019-02-21 11:00 ` [PATCH] worktree add: sanitize worktree names Nguyễn Thái Ngọc Duy
2019-02-21 11:28 ` Konstantin Kharlamov
2019-02-21 11:38 ` Duy Nguyen
2019-02-21 11:44 ` Konstantin Kharlamov
2019-02-21 11:52 ` Duy Nguyen
2019-02-21 13:23 ` Jeff King
2019-02-21 12:19 ` [PATCH v2 0/1] " Nguyễn Thái Ngọc Duy
2019-02-21 12:19 ` [PATCH v2 1/1] " Nguyễn Thái Ngọc Duy
2019-02-21 13:22 ` Jeff King
2019-02-21 17:41 ` Ramsay Jones
2019-02-22 9:21 ` Duy Nguyen
2019-02-26 10:58 ` [PATCH v3 0/1] " Nguyễn Thái Ngọc Duy
2019-02-26 10:58 ` [PATCH v3 1/1] " Nguyễn Thái Ngọc Duy
2019-02-27 12:08 ` Jeff King
2019-02-27 14:23 ` Eric Sunshine
2019-02-27 16:04 ` Jeff King
2019-03-03 1:22 ` Junio C Hamano
2019-03-04 11:19 ` Duy Nguyen
2019-03-04 12:04 ` Duy Nguyen
2019-03-04 15:06 ` Johannes Schindelin
2019-03-05 12:08 ` [PATCH v4 0/2] " Nguyễn Thái Ngọc Duy
2019-03-05 12:08 ` [PATCH v4 1/2] refs.c: refactor check_refname_component() Nguyễn Thái Ngọc Duy
2019-03-06 21:49 ` Jeff King
2019-03-07 23:24 ` Eric Sunshine
2019-03-05 12:08 ` [PATCH v4 2/2] worktree add: sanitize worktree names Nguyễn Thái Ngọc Duy
2019-03-08 9:28 ` [PATCH v5 0/1] " Nguyễn Thái Ngọc Duy
2019-03-08 9:28 ` [PATCH v5 1/1] " Nguyễn Thái Ngọc Duy
2019-03-10 2:02 ` Eric Sunshine
2019-03-11 6:20 ` Junio C Hamano
2019-03-11 9:24 ` Duy Nguyen
2019-03-11 22:39 ` Jeff King
2019-03-12 6:32 ` Junio C Hamano
2019-03-11 6:36 ` Junio C Hamano
2019-03-11 9:27 ` Duy Nguyen
2019-03-11 13:05 ` Johannes Schindelin
2019-03-12 6:45 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqzhq0h9pk.fsf@gitster-ct.c.googlers.com \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=hi-angel@yandex.ru \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=ramsay@ramsayjones.plus.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).