From: Junio C Hamano <gitster@pobox.com>
To: Jim Meyering <jim@meyering.net>
Cc: Marcus Karlsson <mk@acc.umu.se>, git list <git@vger.kernel.org>
Subject: Re: [PATCH] diff: avoid stack-buffer-read-overrun for very long name
Date: Thu, 26 Apr 2012 09:13:03 -0700 [thread overview]
Message-ID: <xmqq62cma2uo.fsf@junio.mtv.corp.google.com> (raw)
In-Reply-To: <87d36uxzfw.fsf@rho.meyering.net> (Jim Meyering's message of "Thu, 26 Apr 2012 17:52:51 +0200")
Jim Meyering <jim@meyering.net> writes:
> What do you think about replacing those two append-if-needed two-liners:
>
> if (buffer2.len && buffer2.buf[buffer2.len - 1] != '/')
> strbuf_addch(&buffer2, '/');
>
> by something that readably encapsulates the idiom:
>
> strbuf_append_if_absent (&buffer2, '/');
>
> (though the name isn't particularly apt, because you might
> take "absent" to mean "not anywhere in the string," so maybe
> strbuf_append_if_not_already_at_end (ugly) or
> strbuf_append_uniq
> )
I am not good at names, but strbuf_terminate_with(&buffer2, '/')
perhaps?
> There are several other uses that would benefit from such a transformation:
> To find the easy ones, I ran this:
>
> git grep -B1 "strbuf_addch.*'"|grep -A1 '!='
>
> I've manually marked/separated the ones that don't apply.
>
> Note how only 2 of the 6 candidates ensure that length is positive
> before using ".len - 1":
Yikes, that is embarrasing ;-)
>
> ------------------------------------
> builtin/branch.c- if (!buf.len || buf.buf[buf.len-1] != '\n')
> builtin/branch.c: strbuf_addch(&buf, '\n');
> --
> builtin/fmt-merge-msg.c- if (out->buf[out->len - 1] != '\n')
> builtin/fmt-merge-msg.c: strbuf_addch(out, '\n');
> --
> builtin/log.c- if (filename.buf[filename.len - 1] != '/')
> builtin/log.c: strbuf_addch(&filename, '/');
> --
> builtin/notes.c- if (buf.buf[buf.len - 1] != '\n')
> builtin/notes.c: strbuf_addch(&buf, '\n'); /* Make sure msg ends with newline */
> --
> refs.c- if (real_pattern.buf[real_pattern.len - 1] != '/')
> refs.c: strbuf_addch(&real_pattern, '/');
> --
> strbuf.h- if (sb->len && sb->buf[sb->len - 1] != '\n')
> strbuf.h: strbuf_addch(sb, '\n');
next prev parent reply other threads:[~2012-04-26 16:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-16 15:20 [PATCH] diff: avoid stack-buffer-read-overrun for very long name Jim Meyering
2012-04-16 22:27 ` Marcus Karlsson
2012-04-24 16:09 ` Jim Meyering
2012-04-25 19:37 ` Junio C Hamano
2012-04-26 15:52 ` Jim Meyering
2012-04-26 16:13 ` Junio C Hamano [this message]
2012-04-26 16:21 ` Bert Wesarg
2012-04-26 16:26 ` Jim Meyering
2012-04-26 16:53 ` Bert Wesarg
2012-04-26 17:26 ` Jim Meyering
2012-04-26 16:22 ` Jim Meyering
2012-04-27 12:55 ` Andreas Ericsson
2012-04-27 15:07 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq62cma2uo.fsf@junio.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=jim@meyering.net \
--cc=mk@acc.umu.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.