From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH v2 02/11] clean: do not pass strbuf by value
Date: Sat, 02 Aug 2025 09:44:47 -0700
Message-ID: <xmqqtt2pisg0.fsf@gitster.g>
In-Reply-To: <20250802083846.GC3711639@coredump.intra.peff.net> (Jeff King's message of "Sat, 2 Aug 2025 04:38:46 -0400")

Jeff King <peff@peff.net> writes:

> On Thu, Jul 31, 2025 at 03:54:24PM -0700, Junio C Hamano wrote:
>
>> This is a catastrophe waiting to happen. If the callee causes the
>> strbuf to be reallocated, the buf[] the caller has will become
>> dangling, and when the caller does strbuf_release(), it would result
>> in double-free.
>>
>> Stop calling the function with misleading call-by-value with strbuf.
>
> This is definitely an improvement, though I wonder if we could go
> further.

Yes, but in short, between these two

 - think twice before you pass struct by value
 - do not insist taking the whole struct, take only what you need

lessons, I happened to pick the former one more important to carve
in stone than the latter one. Both are valuable guidance we should
give to our developers, though.

> nr = parse_choice(stuff,
> opts->flags & MENU_OPTS_SINGLETON,
> - choice,
> + choice.buf,
> &chosen);
>
> if (opts->flags & MENU_OPTS_SINGLETON) {
>
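Review bot: At the `choice.buf` argument, the call now hands parse_choice() a bare pointer into the caller's strbuf, so the callee's parameter type should state whether it may write through that pointer. The hunk shows only the call site; if parse_choice() only reads the input, declare the parameter `const char *`, and if it is going to split the string in place, keep it `char *` and say in a comment that the caller's buffer is modified. Since `choice.len` no longer reaches the callee, it also has to rely on NUL termination to find the end of the input.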
> I dunno. Maybe it is nitpicking, but I think "don't take a strbuf if you
> only need a string" is a good general rule. Of course there is only one
> caller here, so flexibility is probably not that important.

But I think we engrave both lessons in the history by keeping this
step as-is, do the string_list_split_in_place_f() thing, and then
add a new patch to pass just the .buf member to parse_choice().
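
The hazard named in the quoted commit message, as an added example that is not part of the original message and is not git's code: `struct mini_buf`, `mb_add()`, `append_by_value()` and `caller_state_after_by_value()` are hypothetical stand-ins for a growable buffer and its caller. It shows why the bug is latent: a short append leaves the caller with only a stale length, while an append that forces growth also leaves the caller's pointer dangling.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of a growable buffer; NOT git's strbuf code. */
struct mini_buf { char *buf; size_t len, alloc; };
enum { LEN_STALE = 1, BUF_DANGLING = 2 };

static void mb_add(struct mini_buf *b, const char *s)
{
	size_t n = strlen(s), need = b->len + n + 1;
	if (need > b->alloc) {
		/* The new block exists before the old one is freed, so it always moves. */
		char *p = malloc(2 * need);
		if (!p)
			abort();
		memcpy(p, b->len ? b->buf : "", b->len);
		free(b->buf);
		b->buf = p;
		b->alloc = 2 * need;
	}
	memcpy(b->buf + b->len, s, n + 1);
	b->len += n;
}

/* Misleading signature: the callee edits a copy of the caller's struct. */
static struct mini_buf append_by_value(struct mini_buf copy, const char *s)
{
	mb_add(&copy, s);
	return copy; /* returned only so the demo can free the live block */
}

/* Reports what the caller's struct looks like after a by-value call. */
int caller_state_after_by_value(const char *extra)
{
	struct mini_buf sb = { NULL, 0, 0 };
	mb_add(&sb, "abc");
	uintptr_t held = (uintptr_t)sb.buf; /* the address the caller still holds */
	struct mini_buf live = append_by_value(sb, extra);
	int state = (sb.len != live.len ? LEN_STALE : 0) |
		    (held != (uintptr_t)live.buf ? BUF_DANGLING : 0);
	free(live.buf); /* releasing sb.buf as well would be the double free */
	return state;
}

int main(void)
{
	return !(caller_state_after_by_value("d") == LEN_STALE &&
		 caller_state_after_by_value(" and enough text to grow") == (LEN_STALE | BUF_DANGLING));
}
```

Passing `struct mini_buf *` instead keeps a single owner of the block, and passing only a `const char *` removes the callee's ability to reallocate at all.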