From: Arnout Engelen <arnouten@bzzt.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] Improved error messages when temporary file creation fails
Date: Tue, 7 Dec 2010 22:20:41 +0100 [thread overview]
Message-ID: <20101207212041.GG25767@bzzt.net> (raw)
In-Reply-To: <7v62v5paj2.fsf@alter.siamese.dyndns.org>
Thanks to you and Jonathan again for the feedback.
On Tue, Dec 07, 2010 at 12:56:17PM -0800, Junio C Hamano wrote:
> > + char origtemplate[255];
> > + strlcpy(origtemplate, template, 255);
>
> Why "255"?
Random - 'i had to choose something'.
> It may happen to be sufficiently large for the current callers, but what
> provisions if any are made to help the compiler or the runtime protect us
> from new and broken callers? Use of strlcpy() there hides the issue from
> the runtime by avoiding segfault, but it actively harms us by making the
> code silently behave incorrectly without segfaulting, no?
Only in a small way: when a bigger template is encountered and the mkstemp
call succeeds, there is no problem. Only when xmkstemp fails *and* clears the
template, the diagnostic error message shows a truncated version of the
original.
I *could* dynamically allocate space for the original template string, but that
would mean I'd need to do a malloc() instead of putting the buffer on the stack
like this, and free() it afterwards. I'm not too concerned about the
performance hit here (presumably the I/O that comes with creating and using
the temporary file here is orders of magnitude slower than that malloc()
anyway), but it would also make the code a bit less easy to read.
What do you think would be preferable here, a simple fixed-length buffer on the
stack that might cause a truncated error message or a dynamically-allocated
one that makes the code somewhat more complicated?
> > +++ b/wrapper.h
>
> Somewhat questionable...
Agreed, this whole file is unneeded and, well, wrong anyway.
I'll remove wrapper.h and apply Jonathan's improvements some time this week,
unless of course someone beats me to it :).
Kind regards,
Arnout
next prev parent reply other threads:[~2010-12-07 21:20 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-07 18:16 [PATCH] Improved error messages when temporary file creation fails Arnout Engelen
2010-12-07 19:09 ` Jonathan Nieder
2010-12-07 20:56 ` Junio C Hamano
2010-12-07 21:20 ` Arnout Engelen [this message]
2010-12-07 23:56 ` Jakub Narebski
2010-12-08 0:12 ` Jonathan Nieder
2010-12-08 2:01 ` Junio C Hamano
2010-12-18 16:55 ` Arnout Engelen
2010-12-18 20:05 ` Jonathan Nieder
2010-12-18 20:47 ` Junio C Hamano
2010-12-18 20:47 ` Junio C Hamano
2010-12-18 21:28 ` Arnout Engelen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101207212041.GG25767@bzzt.net \
--to=arnouten@bzzt.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).