From: Stefan Beller <stefanbeller@googlemail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Jeff King <peff@peff.net>, git@vger.kernel.org
Subject: Re: [PATCH] diff: remove ternary operator evaluating always to true
Date: Mon, 12 Aug 2013 10:32:01 +0200
Message-ID: <52089D81.5010506@googlemail.com>
In-Reply-To: <7vli471mxy.fsf@alter.siamese.dyndns.org>
On 08/12/2013 07:46 AM, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
>
>> On Thu, Aug 08, 2013 at 08:31:44PM +0200, Stefan Beller wrote:
>>
>>> The next occurrences are at:
>>>     /* Never use a non-valid filename anywhere if at all possible */
>>>     name_a = DIFF_FILE_VALID(one) ? name_a : name_b;
>>>     name_b = DIFF_FILE_VALID(two) ? name_b : name_a;
>>>
>>>     a_one = quote_two(a_prefix, name_a + (*name_a == '/'));
>>>     b_two = quote_two(b_prefix, name_b + (*name_b == '/'));
>>>
>>> In the last line of this block 'name_b' is dereferenced and compared
>>> to '/'. This would crash if name_b was NULL. Hence in the following code
>>> we can assume name_b being non-null.
>>
>> I think your change is correct, but I find the reasoning above a little
>> suspect. It assumes that the second chunk of code (accessing name_a and
>> name_b) is correct, and pins the correctness of the code you are
>> changing to it. If the second chunk is buggy, then you are actually
>> making the code worse.
>
> True. I think the original code structure design is name_a should
> always exist but name_b may not (the caller of run_diff_cmd() that
> eventually calls this calls these "name" and "other", and the intent
> is renaming filepair is what needs "other").
>
>> I wonder if the implicit expectation of the function to take at least
>> one non-NULL name would be more obvious if the first few lines were
>> written as:
>>
>>     if (DIFF_FILE_VALID(one)) {
>>         if (!DIFF_FILE_VALID(two))
>>             name_b = name_a;
>>     } else if (DIFF_FILE_VALID(two))
>>         name_a = name_b;
>>     else
>>         die("BUG: two invalid files to diff");
>>
>> That covers all of the cases explicitly, though it is IMHO uglier to
>> read (and there is still an implicit assumption that the name is
>> non-NULL if DIFF_FILE_VALID() is true).
>
> I think that is an overall improvement, especially if we also update
> the checks of {one,two}->mode made for the block that deals with
> submodules to use DIFF_FILE_VALID().
>
> Thanks.
>
So, do I understand your reasoning, when proposing this patch?
(This may break whitespaces as it's copied into my MUA, will resend with
git send-mail if you think this is the right thing.)
This patch just covers your discussion and not the previous patches.
Stefan
--8<--
From 701bab4f15598ba230552af7f1d5719187f1b2e8 Mon Sep 17 00:00:00 2001
From: Stefan Beller <stefanbeller@googlemail.com>
Date: Mon, 12 Aug 2013 10:29:07 +0200
Subject: [PATCH] diff: Additional error checking for input parameters
This makes the diff function error out instead of segfaulting if the
parameters are bad.
Helped-by: Jeff King <peff@peff.net>
Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Stefan Beller <stefanbeller@googlemail.com>
---
diff.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/diff.c b/diff.c
index e53ddad..de21971 100644
--- a/diff.c
+++ b/diff.c
@@ -2254,8 +2254,11 @@ static void builtin_diff(const char *name_a,
(!two->mode || S_ISGITLINK(two->mode))) {
const char *del = diff_get_color_opt(o, DIFF_FILE_OLD);
const char *add = diff_get_color_opt(o, DIFF_FILE_NEW);
- show_submodule_summary(o->file, one ? one->path : two->path,
- line_prefix,
+ struct diff_filespec *spec = one && DIFF_FILE_VALID(one) ? one : two;
+ if (!spec && !DIFF_FILE_VALID(spec))
+ die("BUG: two invalid diff_filespec structs in diff");
+
+ show_submodule_summary(o->file, spec->path, line_prefix,
one->sha1, two->sha1, two->dirty_submodule,
meta, del, add, reset);
return;
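Review bot: The guard `if (!spec && !DIFF_FILE_VALID(spec))` uses `&&` where `||` is needed. As written, the right-hand side is evaluated only when spec is NULL, so DIFF_FILE_VALID() is applied to a NULL pointer in exactly the case the check is meant to catch, and a non-NULL but invalid spec never reaches die(). Suggest `if (!spec || !DIFF_FILE_VALID(spec))`. The `one &&` test in the initializer also implies that one may be NULL, yet the call still passes one->sha1 and two->sha1 unconditionally; either drop the NULL test or guard those accesses as well.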
@@ -2276,8 +2279,13 @@ static void builtin_diff(const char *name_a,
}
/* Never use a non-valid filename anywhere if at all possible */
- name_a = DIFF_FILE_VALID(one) ? name_a : name_b;
- name_b = DIFF_FILE_VALID(two) ? name_b : name_a;
+ if (DIFF_FILE_VALID(one)) {
+ if (!DIFF_FILE_VALID(two))
+ name_b = name_a;
+ } else if (DIFF_FILE_VALID(two))
+ name_a = name_b;
+ else
+ die("BUG: two invalid files to diff");
a_one = quote_two(a_prefix, name_a + (*name_a == '/'));
b_two = quote_two(b_prefix, name_b + (*name_b == '/'));
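Review bot: After the new if/else chain, `*name_a` and `*name_b` are still dereferenced unconditionally in the two quote_two() calls, so the die() only prevents a crash if a valid filespec guarantees a non-NULL name; that assumption is stated in the discussion but nowhere in the code. Consider checking the chosen name for NULL in the same chain, or adding a comment that documents the invariant. Style point: the chain braces only its first branch; bracing all three branches would make the nesting easier to follow.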
--
1.8.4.rc2