From: Junio C Hamano <gitster@pobox.com>
To: Florian Schmidt <flosch@nutanix.com>
Cc: git@vger.kernel.org,
Jonathan Davies <jonathan.davies@nutanix.com>,
Phillip Wood <phillip.wood@dunelm.org.uk>,
Denton Liu <liu.denton@gmail.com>
Subject: Re: [PATCH] wt-status: Don't find scissors line beyond buf len
Date: Thu, 07 Mar 2024 11:35:34 -0800 [thread overview]
Message-ID: <xmqqsf11ltrt.fsf@gitster.g> (raw)
In-Reply-To: <20240307183743.219951-1-flosch@nutanix.com> (Florian Schmidt's message of "Thu, 7 Mar 2024 18:37:38 +0000")
Florian Schmidt <flosch@nutanix.com> writes:
> Side remark: Since strstr() doesn't consider len, and will always search
> up to a null byte, I now wonder whether it would be safer to create a
> new strbuf that only contains the len bytes we want to operate on.
That is a valid concern in general, but does not seem to apply to
the current codebase. Thanks for being careful.
Two of the three callers of wt_status_locate_end() feed the pointer
into a piece of memory that is owned by strbuf, which guarantees
that the memory has an extra NUL to terminate it as a string even if
you did
strbuf buf = STRBUF_INIT;
strbuf_addch(&buf, 'A');
The other one is in commit.c:ignored_log_message_bytes() that still
takes <buf, len> as input, but again, two of its three callers call
it with a pointer that points at the beginning of memory held by an
instance of strbuf.
That leaves us trailer.c:find_end_of_log_message() the only one to
worry about, but it uses strlen() on the pointer before calling
ignored_log_message_bytes() so the region of the memory pointed at
by the pointer is assumed to be NUL-terminated already, and
presumably (I didn't follow the logic there too closely) the length
is also computed within that NUL-terminated string.
next prev parent reply other threads:[~2024-03-07 19:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-07 18:37 [PATCH] wt-status: Don't find scissors line beyond buf len Florian Schmidt
2024-03-07 19:20 ` Junio C Hamano
2024-03-07 20:47 ` Junio C Hamano
2024-03-07 21:09 ` Eric Sunshine
2024-03-07 21:15 ` Kristoffer Haugsbakk
2024-03-07 21:24 ` Junio C Hamano
2024-03-07 21:26 ` Eric Sunshine
2024-03-07 21:30 ` Kristoffer Haugsbakk
2024-03-08 9:08 ` Florian Schmidt
2024-03-08 15:26 ` Junio C Hamano
2024-03-08 17:43 ` Florian Schmidt
2024-04-06 1:37 ` Linus Arver
2024-03-07 19:35 ` Junio C Hamano [this message]
2024-03-08 9:13 ` Florian Schmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqsf11ltrt.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=flosch@nutanix.com \
--cc=git@vger.kernel.org \
--cc=jonathan.davies@nutanix.com \
--cc=liu.denton@gmail.com \
--cc=phillip.wood@dunelm.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.