From: Bill Lear <rael@zopyra.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, git@vger.kernel.org
Subject: Re: [PATCH 1/4] Add xmallocz()
Date: Tue, 26 Jan 2010 14:56:06 -0600 [thread overview]
Message-ID: <19295.22246.788034.159299@blake.zopyra.com> (raw)
In-Reply-To: <7v1vhczj95.fsf@alter.siamese.dyndns.org>
On Tuesday, January 26, 2010 at 12:47:02 (-0800) Junio C Hamano writes:
>Bill Lear <rael@zopyra.com> writes:
>
>> On Tuesday, January 26, 2010 at 20:24:12 (+0200) Ilari Liusvaara writes:
>>>Add routine for allocating NUL-terminated memory block without risking
>>>integer overflow in addition of +1 for NUL byte.
>>>...
>>> void *xmemdupz(const void *data, size_t len)
>>> {
>>>- char *p = xmalloc(len + 1);
>>>+ char *p = xmallocz(len);
>>> memcpy(p, data, len);
>>> p[len] = '\0';
>>> return p;
>>
>> Do you need the statement
>>
>> p[len] = '\0';
>>
>> any longer in the above? If not, could you just do this:
>>
>> void *xmemdupz(const void *data, size_t len)
>> {
>> return memcpy(xmallocz(len), data, len);
>> }
>
>I think the intention to name it xmallocz() was "This is to allocate
>buffer to hold 'len' bytes worth of stuff, and between the caller and this
>function the buffer is arranged to be NUL terminated". Even though none
>of the existing callers of xmalloc() expected the function to do the NUL
>termination (hence they do NUL termination themselves), I _think_ Ilari
>made the function to do this because its name now ends with "z" that hints
>the callers such a NUL-termination might happen inside the function.
>
>I'd rather see the function lose the NUL termination; if that makes the
>behaviour inconsistent with its name, perhaps it is better to rename the
>function; perhaps xmalloc1() to denote that it overallocates by one?
Why have xmallocz/xmalloc1 lose the NUL termination? Is it because some
call sites don't need the NUL termination? [I spotted one, I think, in
the patch series...].
Bill
next prev parent reply other threads:[~2010-01-26 20:56 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-26 18:24 [PATCH 0/4] Fix various integer overflows Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 1/4] Add xmallocz() Ilari Liusvaara
2010-01-26 20:37 ` Bill Lear
2010-01-26 20:47 ` Junio C Hamano
2010-01-26 20:52 ` Junio C Hamano
2010-01-26 21:13 ` Ilari Liusvaara
2010-01-26 20:56 ` Bill Lear [this message]
2010-01-26 18:24 ` [PATCH 2/4] Fix integer overflow in patch_delta() Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 3/4] Fix integer overflow in unpack_sha1_rest() Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 4/4] Fix integer overflow in unpack_compressed_entry() Ilari Liusvaara
2010-01-26 19:58 ` [PATCH 0/4] Fix various integer overflows Junio C Hamano
2010-01-27 8:59 ` Stephen R. van den Berg
2010-01-27 9:57 ` Ilari Liusvaara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19295.22246.788034.159299@blake.zopyra.com \
--to=rael@zopyra.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=ilari.liusvaara@elisanet.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).