From: Jeff King <peff@peff.net>
To: "Carlos Martín Nieto" <cmn@elego.de>
Cc: Junio C Hamano <gitster@pobox.com>,
git@vger.kernel.org, Erik Faye-Lund <kusmabite@gmail.com>
Subject: Re: [PATCH] system_path: use a static buffer
Date: Mon, 21 Mar 2011 11:51:08 -0400 [thread overview]
Message-ID: <20110321155108.GA27662@sigill.intra.peff.net> (raw)
In-Reply-To: <1300721194.2583.22.camel@bee.lab.cmartin.tk>
On Mon, Mar 21, 2011 at 04:26:29PM +0100, Carlos Martín Nieto wrote:
> > FWIW, we don't catch snprintf failures in 99% of the calls in git. Most
> > calls just ignore the return value, and some even directly use the
> > return value to add to a length. The one place that actually does check
> > for the error is strbuf_vaddf, which just says "your vsnprintf is
> > broken" and dies.
>
> It's not actually likely we'll ever meet this error if the only one
> allowed to set the format string is the programmer (and to do otherwise
> is a security risk).
Agreed.
> Or we could overload (#define) snprintf and replace it with the
> paranoid. It'd go nicely with the vsnprintf that tries to work around
> the Windows implementation.
>
> I don't feel that strongly we should have the extra check there, seeing
> how it's rare and not checked anywhere else.
Yeah, I am happy to just drop it. AFAICT, an error return from snprintf
is a bug in your program[1] or a bug in libc. In either case, it should
fail or produce bogus output on the first run, and we don't need to
worry about checking errors all the time. Noting the error helps a
little with detection, but since we already install our own vsnprintf on
known-buggy platforms, I haven't seen a single complaint.
-Peff
[1] The only error I managed to get out of eglibc was trying to format
"%" (i.e., percent followed by NUL). Skimming the eglibc code (gaah, my
eyes!) it looks like under some conditions it can allocate small work
buffers, and return an error if malloc fails. So yeah, I guess it can
fail randomly, but it seems pretty unlikely.
next prev parent reply other threads:[~2011-03-21 15:51 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 19:18 [PATCH 0/3] Fix some errors reported by valgrind Carlos Martín Nieto
2011-03-14 19:18 ` [PATCH 1/3] make_absolute_path: Don't try to copy a string to itself Carlos Martín Nieto
2011-03-14 20:02 ` Jeff King
2011-03-14 20:25 ` Junio C Hamano
2011-03-14 22:02 ` Carlos Martín Nieto
2011-03-14 22:58 ` Junio C Hamano
2011-03-15 11:59 ` Carlos Martín Nieto
2011-03-15 12:40 ` Carlos Martín Nieto
2011-03-15 17:02 ` Junio C Hamano
2011-03-15 17:27 ` Carlos Martín Nieto
2011-03-16 14:16 ` Nguyen Thai Ngoc Duy
2011-03-16 14:49 ` Carlos Martín Nieto
2011-03-16 14:58 ` Nguyen Thai Ngoc Duy
2011-03-16 14:04 ` Nguyen Thai Ngoc Duy
2011-03-16 15:08 ` Carlos Martín Nieto
2011-03-14 19:18 ` [PATCH 2/3] setup_path(): Free temporary buffer Carlos Martín Nieto
2011-03-14 20:09 ` Jeff King
2011-03-14 22:18 ` Carlos Martín Nieto
2011-03-16 11:26 ` [PATCH] system_path: use a static buffer Carlos Martín Nieto
2011-03-16 15:58 ` Erik Faye-Lund
2011-03-16 16:24 ` Carlos Martín Nieto
2011-03-16 16:33 ` Carlos Martín Nieto
2011-03-16 20:43 ` Junio C Hamano
2011-03-17 11:01 ` Carlos Martín Nieto
2011-03-17 14:24 ` Carlos Martín Nieto
2011-03-18 7:25 ` Junio C Hamano
2011-03-21 9:56 ` Carlos Martín Nieto
2011-03-21 11:14 ` Jeff King
2011-03-21 15:26 ` Carlos Martín Nieto
2011-03-21 15:51 ` Jeff King [this message]
2011-03-21 15:57 ` Carlos Martín Nieto
2011-03-18 10:34 ` Nguyen Thai Ngoc Duy
2011-03-18 11:38 ` PATH_MAX (Re: [PATCH] system_path: use a static buffer) Jonathan Nieder
2011-03-18 11:54 ` Nguyen Thai Ngoc Duy
2011-03-21 9:47 ` Carlos Martín Nieto
2011-03-21 12:37 ` Lasse Makholm
2011-03-21 11:19 ` Nguyen Thai Ngoc Duy
2011-03-18 11:39 ` [PATCH 1/2] wrapper.c: add xgetcwd() Nguyễn Thái Ngọc Duy
2011-03-18 11:39 ` [PATCH 2/2] setup_gently: use xgetcwd() Nguyễn Thái Ngọc Duy
2011-03-14 20:14 ` [PATCH 2/3] setup_path(): Free temporary buffer Junio C Hamano
2011-03-14 22:01 ` Carlos Martín Nieto
2011-03-15 1:12 ` Jeff King
2011-03-15 9:32 ` [PATCH] t/README: Add a note about running commands under valgrind Carlos Martín Nieto
2011-03-15 17:06 ` Junio C Hamano
2011-03-15 17:08 ` Carlos Martín Nieto
2011-03-14 19:18 ` [PATCH 3/3] clone: Free a few paths Carlos Martín Nieto
2011-03-14 19:45 ` Jonathan Nieder
2011-03-18 7:25 ` Junio C Hamano
-- strict thread matches above, loose matches on Subject: below --
2011-03-31 14:36 [PATCH] system_path: use a static buffer Carlos Martín Nieto
2011-03-31 22:42 ` Junio C Hamano
2011-03-31 23:23 ` Carlos Martín Nieto
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110321155108.GA27662@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=cmn@elego.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=kusmabite@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).