From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [PATCH] pkt-line: don't check string length in packet_length()
Date: Tue, 04 Jul 2023 22:56:32 -0700 [thread overview]
Message-ID: <xmqqttui3nqn.fsf@gitster.g> (raw)
In-Reply-To: <89d58db7-6a01-b3fa-54f0-19d5a3819eb3@web.de> ("René Scharfe"'s message of "Sat, 1 Jul 2023 09:05:15 +0200")
René Scharfe <l.s.r@web.de> writes:
> hex2chr() takes care not to run over the end of a short string.
> 101736a14c (pkt-line: extern packet_length(), 2020-05-19) turned the
> input parameter of packet_length() from a string pointer into an array
> of known length, making string length checks unnecessary. Get rid of
> them by using hexval() directly.
I am puzzled about the part of the above description on "making
string length checks unnecessary". The two callers we currently
have both do pass char[4], but the compiler would not stop us from
passing a pointer to a memory region of an unknown size; if we
butcher one of the current callers
diff --git c/pkt-line.c w/pkt-line.c
index 6e022029ca..e1c49baefd 100644
--- c/pkt-line.c
+++ w/pkt-line.c
@@ -421,7 +421,7 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
return PACKET_READ_EOF;
}
- len = packet_length(linelen);
+ len = packet_length(buffer);
if (len < 0) {
if (options & PACKET_READ_GENTLE_ON_READ_ERROR)
where "buffer" is just a random piece of memory passed to the caller
and there is no such guarantee like "it at least is 4 bytes long",
we would just slurp garbage and run past the end of the buffer.
> The resulting branchless code is simpler and it becomes easier to see
> that the function mirrors set_packet_header().
I do like the resulting code, but I feel a bit uneasy to sell this
change as "the code becomes more streamlined without losing safety".
It looks more like "this change is safe for our two callers; those
adding more callers in the future are better be very careful", no?
next prev parent reply other threads:[~2023-07-05 5:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-01 7:05 [PATCH] pkt-line: don't check string length in packet_length() René Scharfe
2023-07-05 5:56 ` Junio C Hamano [this message]
2023-07-05 16:15 ` René Scharfe
2023-07-05 20:33 ` Junio C Hamano
2023-07-05 21:11 ` René Scharfe
2023-07-05 22:27 ` Junio C Hamano
2023-07-06 5:07 ` René Scharfe
2023-07-07 21:47 ` [PATCH v2] pkt-line: add size parameter to packet_length() René Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqttui3nqn.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.