From: Jeff King <peff@peff.net>
To: 胡哲宁 <adlternative@gmail.com>
Cc: "Junio C Hamano" <gitster@pobox.com>,
"阿德烈 via GitGitGadget" <gitgitgadget@gmail.com>,
"Git List" <git@vger.kernel.org>
Subject: Re: [PATCH] strbuf.c: optimize program logic
Date: Sat, 30 Jan 2021 03:50:47 -0500 [thread overview]
Message-ID: <YBUd504cLUJTLEQY@coredump.intra.peff.net> (raw)
In-Reply-To: <CAOLTT8RroMdaty-SwAfK3OSeuFA7PE6ZhPCL4vgrxFxNihdGbQ@mail.gmail.com>
On Fri, Jan 29, 2021 at 02:09:12PM +0800, 胡哲宁 wrote:
> > I'm not sure that strbuf_grow() is safe, though. It relies on
> > ALLOC_GROW, which does not use st_add(), etc.
> >
> I want to say is that `strbuf_grow()` have checked overflow before
> `ALLOC_GROW`,so that `strbuf_grow()`is maybe also safe too? :)
> void strbuf_grow(struct strbuf *sb, size_t extra)
> {
> int new_buf = !sb->alloc;
> if (unsigned_add_overflows(extra, 1) ||
> unsigned_add_overflows(sb->len, extra + 1))
> die("you want to use way too much memory");
> ...
Oh, you're right. I misread it as checking only "extra", but of course
the second line there is making sure our total requested size does not
overflow.
I do think ALLOC_GROW() could still overflow internally as it sizes
larger than sb->len + extra. But this is quite unlikely on a 64-bit
system, as it would imply we're using on the order of 2^63 bytes of RAM
before we enter the function. It potentially could be a problem on a
32-bit system, though I'm not sure how much in practice (the numbers are
small enough to be reasonable, but I'm not sure it's realistic that a
single strbuf could already be using half of the available address
space).
-Peff
prev parent reply other threads:[~2021-01-30 9:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-26 5:06 [PATCH] strbuf.c: optimize program logic 阿德烈 via GitGitGadget
2021-01-26 6:17 ` Junio C Hamano
2021-01-26 10:44 ` 胡哲宁
2021-01-26 18:47 ` Junio C Hamano
2021-01-26 18:23 ` Jeff King
2021-01-26 20:15 ` Junio C Hamano
2021-01-29 6:09 ` 胡哲宁
2021-01-30 8:50 ` Jeff King [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YBUd504cLUJTLEQY@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=adlternative@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.