Re: [PATCH] usr/gen_init_cpio.c: remove unnecessary "if"

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cong Ding <dinggnu@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Jiri Kosina <jkosina@suse.cz>, Jesper Juhl <jj@codesealer.com>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] usr/gen_init_cpio.c: remove unnecessary "if"
Date: Tue, 18 Dec 2012 23:41:53 +0100	[thread overview]
Message-ID: <20121218224153.GA6143@gmail.com> (raw)
In-Reply-To: <CAGXu5jKfrBikf1ND6Oeadwnr6Zh4wG2raF8BCNOxN2TJBwTedw@mail.gmail.com>

On Tue, Dec 18, 2012 at 02:03:08PM -0800, Kees Cook wrote:
> [resend, busted mailer]
> 
> On Tue, Dec 18, 2012 at 1:26 PM, Cong Ding <dinggnu@gmail.com> wrote:
> >
> > usr/gen_init_cpio.c: remove unnecessary "if"
> >
> > if it goes to fail, dname isn't allocated; otherwise, it is allocated
> > successfully. so we just free memory when it doesn't fail.
> >
> > this patch also fix a trival trailing space warning by checkpatch
> >
> > Signed-off-by: Cong Ding <dinggnu@gmail.com>
> > ---
> >  usr/gen_init_cpio.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
> > index af8c925..afebe09 100644
> > --- a/usr/gen_init_cpio.c
> > +++ b/usr/gen_init_cpio.c
> > @@ -372,7 +372,7 @@ static int cpio_mkfile(const char *name, const char
> > *location,
> >         }
> >         ino++;
> >         rc = 0;
> > -
> > +
> >  error:
> >         if (filebuf) free(filebuf);
> >         if (file >= 0) close(file);
> 
> 
> This chunk is fine.
> 
> > @@ -452,8 +452,8 @@ static int cpio_mkfile_line(const char *line)
> >         }
> >         rc = cpio_mkfile(dname, cpio_replace_env(location),
> >                          mode, uid, gid, nlinks);
> > +       free(dname);
> >   fail:
> > -       if (dname_len) free(dname);
> >         return rc;
> >  }
> 
> While technically correct, the dname_len check is there to avoid the case of
> trying to free "name" if a "goto fail" is ever added to the code. So, it's
> defensive given the mixing of dname being either allocated or static. I
> think it might be cleaner to use a new char * (maybe "name_arg", instead of
> re-using dname), and then dname can always be freed before the function
> returns:
> 
>   char * name_arg;
>   ...
>   if (end && ...) {
>       ...
>       name_arg = dname;
>   } else {
>       name_arg = name;
>   }
>   rc = cpio_mkfile(name_arg, ...);
> fail:
>   free(dname);
>   return rc;
sorry my patch is wrong (I missed the "else" branch). but I don't think it is
necessary to use another variable name_arg.  so I think the correct version
would be as following. if you think it is necessary and agree the change, I
will send a version 2.

@@ -452,8 +452,8 @@ static int cpio_mkfile_line(const char *line)
 	}
 	rc = cpio_mkfile(dname, cpio_replace_env(location),
 	                 mode, uid, gid, nlinks);
+	if (dname_len) free(dname);
- fail:
+ out:
-	if (dname_len) free(dname);
 	return rc;
 }

or you want something like this? I have added variable name_arg, changed the
dname_len to name_len, changed fail to out, moved free(dname) before "out".
(btw, if we do like this, what do you suggest to use in the commit message?)

 usr/gen_init_cpio.c |   26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
index af8c925..dff6a1e 100644
--- a/usr/gen_init_cpio.c
+++ b/usr/gen_init_cpio.c
@@ -409,19 +409,20 @@ static int cpio_mkfile_line(const char *line)
 {
 	char name[PATH_MAX + 1];
 	char *dname = NULL; /* malloc'ed buffer for hard links */
+	char *name_arg;
 	char location[PATH_MAX + 1];
 	unsigned int mode;
 	int uid;
 	int gid;
 	int nlinks = 1;
-	int end = 0, dname_len = 0;
+	int end = 0, name_len = 0;
 	int rc = -1;
 
 	if (5 > sscanf(line, "%" str(PATH_MAX) "s %" str(PATH_MAX)
 				"s %o %d %d %n",
 				name, location, &mode, &uid, &gid, &end)) {
 		fprintf(stderr, "Unrecognized file format '%s'", line);
-		goto fail;
+		goto out;
 	}
 	if (end && isgraph(line[end])) {
 		int len;
@@ -429,12 +430,13 @@ static int cpio_mkfile_line(const char *line)
 
 		dname = malloc(strlen(line));
 		if (!dname) {
-			fprintf (stderr, "out of memory (%d)\n", dname_len);
-			goto fail;
+			fprintf (stderr, "out of memory (%d)\n", name_len);
+			goto out;
 		}
 
-		dname_len = strlen(name) + 1;
-		memcpy(dname, name, dname_len);
+		name_arg = dname;
+		name_len = strlen(name) + 1;
+		memcpy(name_arg, name, name_len);
 
 		do {
 			nend = 0;
@@ -442,18 +444,18 @@ static int cpio_mkfile_line(const char *line)
 					name, &nend) < 1)
 				break;
 			len = strlen(name) + 1;
-			memcpy(dname + dname_len, name, len);
-			dname_len += len;
+			memcpy(name_arg + name_len, name, len);
+			name_len += len;
 			nlinks++;
 			end += nend;
 		} while (isgraph(line[end]));
 	} else {
-		dname = name;
+		name_arg = name;
 	}
-	rc = cpio_mkfile(dname, cpio_replace_env(location),
+	rc = cpio_mkfile(name_arg, cpio_replace_env(location),
 	                 mode, uid, gid, nlinks);
- fail:
-	if (dname_len) free(dname);
+	if (!dname) free(dname);
+ out:
 	return rc;
 }
 
-- 
1.7.10.4




 
-- 
1.7.10.4

> 
> And I'd probably rename "fail" to "out".
> 
> -Kees
> 
> --
> Kees Cook
> Chrome OS Security

next prev parent reply	other threads:[~2012-12-18 22:42 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-18 21:26 [PATCH] usr/gen_init_cpio.c: remove unnecessary "if" Cong Ding
     [not found] ` <CAGXu5jL6od7Mpm3NPDD-wyo8cZGmOY8HZwpkVBaSPc61Z+TxOA@mail.gmail.com>
2012-12-18 22:03   ` Kees Cook
2012-12-18 22:41     ` Cong Ding [this message]
2012-12-18 22:50       ` Cong Ding

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:af8c925 dfblob:dff6a1e )
 OR (
bs:"Re: [PATCH] usr/gen_init_cpio.c: remove unnecessary "
bs:"if" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121218224153.GA6143@gmail.com \
    --to=dinggnu@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=jj@codesealer.com \
    --cc=jkosina@suse.cz \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.