From: Jeff King
Subject: Re: [PATCH] setup_revisions(): do not access outside argv
Date: Thu, 21 May 2009 00:18:12 -0400
Message-ID: <20090521041812.GE8091@sigill.intra.peff.net>
References: <1242806900-3499-1-git-send-email-pclouds@gmail.com> <4A13BC3C.5070000@viscovery.net> <7v7i0btdwu.fsf@alter.siamese.dyndns.org>
In-Reply-To: <7v7i0btdwu.fsf@alter.siamese.dyndns.org>
Cc: Nguyen Thai Ngoc Duy, Johannes Sixt, git@vger.kernel.org
To: Junio C Hamano

On Wed, May 20, 2009 at 06:58:41PM -0700, Junio C Hamano wrote:

> If a function takes (int ac, char **av), then people should be able to
> depend on the usual convention of
>
>  (1) for any i < ac, av[i] is not NULL; and
>  (2) av[ac] is NULL.
>
> With your patch, a broken caller's wish is simply discarded and nobody
> will notice. Without your patch, at least you will know that the caller
> passed an inconsistent pair of ac and av to this function by seeing a
> coalmine canary segfault.
>
> I would not mind a patch that adds an assertion that protects this
> function from broken callers, so that we can find them, but your patch
> makes me feel very uneasy.

I agree. Having just fixed a segfault in the GIT_TRACE code caused by a
non-terminated argv generated by the alias code, I think I would prefer
that we just consistently do the NULL-termination. You are otherwise
creating a maintenance pitfall when somebody later passes the value to
unsuspecting code.

-Peff
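
The (ac, av) convention quoted in this message, and the "consistently do the NULL-termination" approach from the reply, sketched as an added example that is not part of the original message or of git's source. The helper names `argv_is_consistent` and `argv_dup_terminated` and the sample vector are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns 1 if (ac, av) follows the convention
 * quoted above: av[i] != NULL for all i < ac, and av[ac] == NULL.
 * It has to read av[ac], so the array needs at least ac + 1 slots. */
static int argv_is_consistent(int ac, const char **av)
{
	int i;

	if (ac < 0 || !av)
		return 0;
	for (i = 0; i < ac; i++)
		if (!av[i])
			return 0;	/* hole inside the counted range */
	return av[ac] == NULL;		/* terminator must sit exactly at ac */
}

/* Hypothetical helper: copy the first n entries of src into a fresh
 * array with n + 1 slots and a NULL terminator. The strings are
 * shared, only the pointer array is new; the caller frees it. */
static const char **argv_dup_terminated(int n, const char **src)
{
	const char **out;

	if (n < 0 || !src)
		return NULL;
	out = malloc(((size_t)n + 1) * sizeof(*out));
	if (!out)
		return NULL;
	memcpy(out, src, (size_t)n * sizeof(*out));
	out[n] = NULL;
	return out;
}

/* Constructed sample: a caller that wants to hand on only the first
 * two words of a longer, terminated vector. */
static const char *sample_full[] = { "log", "--oneline", "HEAD", NULL };

int main(void)
{
	const char **fixed = argv_dup_terminated(2, sample_full);
	int ok = fixed && argv_is_consistent(2, fixed)
		&& !argv_is_consistent(2, sample_full);

	free(fixed);
	return ok ? 0 : 1;
}
```

Passing `(2, sample_full)` directly is the inconsistent pair the quoted text warns about: the count says two, but the slot at index two is not NULL, so any callee that walks the vector until NULL sees a third argument.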