From: Libor Pechacek <lpechacek@suse.cz>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, Jeff King <peff@peff.net>
Subject: Re: [PATCH v4] Sanity-check config variable names
Date: Fri, 11 Feb 2011 19:52:06 +0100 [thread overview]
Message-ID: <20110211185205.GB7406@localhost.suse.cz> (raw)
In-Reply-To: <7v7hd733q6.fsf@alter.siamese.dyndns.org>
On Thu 10-02-11 14:49:05, Junio C Hamano wrote:
> Libor Pechacek <lpechacek@suse.cz> writes:
>
> > diff --git a/builtin/config.c b/builtin/config.c
> > index ca4a0db..dd17029 100644
> > --- a/builtin/config.c
> > +++ b/builtin/config.c
> > @@ -168,17 +167,30 @@ static int get_value(const char *key_, const char *regex_)
> > ...
> > key_regexp = (regex_t*)xmalloc(sizeof(regex_t));
> > if (regcomp(key_regexp, key, REG_EXTENDED)) {
> > fprintf(stderr, "Invalid key pattern: %s\n", key_);
> > goto free_strings;
>
> This is not a new issue introduced by this series, but isn't this goto
> leaking "key" by jumping over free(key) later in the function but before
> its target?
Yes, sure and not only there. A few lines below there is the compilation of
the value regex. Freeing the memory allocated for key storage obviously needs
a little bit more work and I'd like to post the fix as a separate patch.
> > }
> > + } else {
> > + if (git_config_parse_key(key_, &key, NULL))
> > + goto free_strings;
>
> This seemingly has the same issue but is worse than that. You allocate
> and overwrite "key" in git_config_parse_key(), so by calling the function
> after allocating key in the caller, you immediately leak it. The new copy
> allocated inside the callee is freed at its end upon error return, so
> jumping over free(key) in the caller does not leak, though.
Negligence on my part, thanks for catching it.
> > @@ -1124,59 +1187,22 @@ int git_config_set(const char *key, const char *value)
> > ...
> > + ret = -git_config_parse_key(key, &store.key, &store.baselen);
> > + if (ret)
> > goto out_free;
>
> This '-' is very easy to miss; I'd rather see it spelled out with an
> explanation.
Agree. It would be yet better to get rid this weird transformation at all.
> But looking at the bigger picture, don't you think that an internal
> function like git_config_set() should return negative on error, and
> we should make it the caller's responsibility to turn it to a value
> suitable for feeding exit(3)? It obviously is a separate topic.
Agree and not only that. The exit codes are inconsistent between "set" and
"get" operation[1]. IMHO it's also questionable to feed exit(3) with negative
values.
Would you be in favor of getting the exit codes consistent and documented?
> Here is a minimum fix-up on top of your patch.
Squashed into my patch, with the exception of the memleak fix, which I'm going
to post separately.
> Thanks.
Thanks for the opportunity to contribute. :)
Libor
[1] $ ./git-config x.x x [; echo $?
error: invalid pattern: [
6
$ ./git-config --get x.x [; echo $?
Invalid pattern: [
255
--
Libor Pechacek
SUSE L3 Team, Prague
next prev parent reply other threads:[~2011-02-11 18:52 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-08 14:46 git-config does not check validity of variable names Libor Pechacek
2011-01-11 5:59 ` Jeff King
2011-01-19 10:01 ` Libor Pechacek
2011-01-19 14:11 ` [PATCH] Sanity-ckeck config " Libor Pechacek
2011-01-20 23:22 ` Jeff King
2011-01-21 0:06 ` Jeff King
2011-01-19 14:14 ` [PATCH] Documentation fixes in git-config Libor Pechacek
2011-01-21 0:27 ` Jeff King
2011-01-21 10:20 ` Libor Pechacek
2011-01-21 10:25 ` [PATCH v2] " Libor Pechacek
2011-01-21 16:25 ` Jeff King
2011-01-23 19:46 ` Libor Pechacek
2012-03-01 8:19 ` [PATCH v3] " Libor Pechacek
2012-03-01 9:08 ` Jeff King
2012-03-01 10:54 ` Libor Pechacek
2012-03-01 16:24 ` Junio C Hamano
2012-03-01 10:59 ` [PATCH v4] " Libor Pechacek
2011-01-21 10:02 ` [PATCH] Sanity-ckeck config variable names Libor Pechacek
2011-01-21 10:23 ` [PATCH v2] " Libor Pechacek
2011-01-21 16:23 ` Jeff King
2011-01-27 14:28 ` [PATCH v3] Sanity-check " Libor Pechacek
2011-01-27 22:45 ` Junio C Hamano
2011-01-28 14:53 ` Libor Pechacek
2011-01-30 19:40 ` [PATCH v4] " Libor Pechacek
2011-02-10 22:49 ` Junio C Hamano
2011-02-11 18:52 ` Libor Pechacek [this message]
2011-01-27 14:52 ` [PATCH] Disallow empty section and " Libor Pechacek
2011-01-30 20:34 ` [PATCH v2] " Libor Pechacek
2011-01-31 7:48 ` Johannes Sixt
2011-01-31 9:17 ` Libor Pechacek
2011-01-31 9:29 ` Johannes Sixt
2011-01-31 13:08 ` [PATCH v3] " Libor Pechacek
2011-01-31 16:48 ` Jens Lehmann
2011-02-01 7:13 ` [PATCH v4] " Libor Pechacek
2011-02-10 22:49 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110211185205.GB7406@localhost.suse.cz \
--to=lpechacek@suse.cz \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).