From: Junio C Hamano <gitster@pobox.com>
To: Duy Nguyen <pclouds@gmail.com>
Cc: Jeff King <peff@peff.net>, Stefan Beller <sbeller@google.com>,
"git\@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: [PATCH] strbuf: stop out-of-boundary warnings from Coverity
Date: Thu, 18 Jun 2015 09:46:09 -0700 [thread overview]
Message-ID: <xmqqioalezhq.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <20150618101353.GA6525@lanh> (Duy Nguyen's message of "Thu, 18 Jun 2015 17:13:53 +0700")
Duy Nguyen <pclouds@gmail.com> writes:
> The last resort is simply filter out a whole class of warnings.
> Probably good enough if both patches look equally ugly.
>
> -- 8< --
> Subject: [PATCH] strbuf: kill strbuf_slopbuf, in favor of ""
>
> A lot of "out-of-bound access" warnings on scan.coverity.com is because
> it does not realize this strbuf_slopbuf[] is in fact initialized with a
> single and promised to never change. But that promise could be broken if
> some caller attempts to write to strbuf->buf[0] write after STRBUF_INIT.
>
> We really can't do much about it. But we can try to put strbuf_slopbuf
> in .rodata section, where writes will be caught by the OS with memory
> protection support. The only drawback is people can't do
> "buf->buf == strbuf_slopbuf" any more. Luckily nobody does that in the
> current code base.
> ---
Hmph, would declaring slopbuf as "const char [1]" (and sprinkling
the "(char *)" cast) have the same effect, I wonder?
> +static inline void strbuf_terminate(struct strbuf *sb)
> +{
> + if (sb->buf[sb->len])
> + sb->buf[sb->len] = '\0';
> +}
This is so that you can call things like strbuf_rtrim() immediately
after running strbuf_init() safely, but I think it needs a comment
to save people from wondering what is going on, e.g. "this is not an
optimization to avoid assigning NUL to a place that is already NUL;
a freshly initialized strbuf points at an unwritable piece of NUL
and we do not want to cause a SEGV".
next prev parent reply other threads:[~2015-06-18 16:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-17 10:16 [PATCH] strbuf: stop out-of-boundary warnings from Coverity Nguyễn Thái Ngọc Duy
2015-06-17 17:28 ` Stefan Beller
2015-06-17 17:58 ` Stefan Beller
2015-06-17 19:12 ` Jeff King
2015-06-17 20:03 ` Stefan Beller
2015-06-18 10:13 ` Duy Nguyen
2015-06-18 16:46 ` Junio C Hamano [this message]
2015-06-19 10:39 ` Duy Nguyen
2015-06-19 10:50 ` Remi Galan Alfonso
2015-06-19 10:51 ` Duy Nguyen
2015-06-19 15:27 ` Junio C Hamano
2015-06-17 19:25 ` Junio C Hamano
2015-06-17 20:05 ` Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqioalezhq.fsf@gitster.dls.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.