Re: PATCH] bisect--helper: plug strvec leak in bisect_start()

["Ævar Arnfjörð Bjarmason" <avarab@gmail.com>]

On Wed, Oct 05 2022, Junio C Hamano wrote:

> Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:
>
>> But I don't get it in this case, why not just:
>> 	
>> 	diff --git a/builtin/bisect--helper.c b/builtin/bisect--helper.c
>> 	index 4e97817fba5..f9645a9d0df 100644
>> 	--- a/builtin/bisect--helper.c
>> 	+++ b/builtin/bisect--helper.c
>> 	@@ -763,11 +763,9 @@ static enum bisect_error bisect_start(struct bisect_terms *terms, const char **a
>> 	 		strbuf_read_file(&start_head, git_path_bisect_start(), 0);
>> 	 		strbuf_trim(&start_head);
>> 	 		if (!no_checkout) {
>> 	-			struct strvec argv = STRVEC_INIT;
>> 	+			const char *argv[] = { "checkout", start_head.buf, "--", NULL };
>> 	 
>> 	-			strvec_pushl(&argv, "checkout", start_head.buf,
>> 	-				     "--", NULL);
>> 	-			if (run_command_v_opt(argv.v, RUN_GIT_CMD)) {
>> 	+			if (run_command_v_opt(argv, RUN_GIT_CMD)) {
>> 	 				res = error(_("checking out '%s' failed."
>> 	 						 " Try 'git bisect start "
>> 	 						 "<valid-branch>'."),
>>
>> The common pattern for run_command_v_opt() callers that don't need a
>> dynamic list is exactly that.
>
> I think you answered it yourself.  start_head.buf is not known at
> compilation time, and there may be some superstition (it may not be
> a mere superstition, but conservatism) about older compiler not
> grokking it.

I think we're thoroughly past that hump as we have a hard requirement on
designated initializers.

Anyway, I believe GCC's -std=c89 wtith -pedantic catches this, e.g. for
bisect--helper.c (the latter is the above patch):

	$ make -k git-objs CFLAGS=-std=c89 2>&1|grep 'initializer element is not computable at load time'|grep bisect
	builtin/bisect--helper.c:534:43: error: initializer element is not computable at load time [-Werror=pedantic]
	builtin/bisect--helper.c:768:60: error: initializer element is not computable at load time [-Werror=pedantic]

For the former we've had:

	static int prepare_revs(struct bisect_terms *terms, struct rev_info *revs)
	[...]
		struct add_bisect_ref_data cb = { revs };

In the same file since 517ecb3161d (bisect--helper: reimplement
`bisect_next` and `bisect_auto_next` shell functions in C, 2020-09-24).

Other prior art, just taking the char[] ones (and not even all of them):
	
	builtin/merge-index.c:12:37: error: initializer element is not computable at load time [-Werror=pedantic]
	   12 |         const char *arguments[] = { pgm, "", "", "", path, "", "", "", NULL };
	builtin/remote.c:95:41: error: initializer element is not computable at load time [-Werror=pedantic]
	   95 |         const char *argv[] = { "fetch", name, NULL, NULL };
	archive.c:408:33: error: initializer element is not computable at load time [-Werror=pedantic]
	  408 |         const char *paths[] = { path, NULL };
	merge-ort.c:1699:45: error: initializer element is not computable at load time [-Werror=pedantic]
	 1699 |                                    "--all", merged_revision, NULL };

So I think we can safely use this.