From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Cc: Eric Sunshine <sunshine@sunshineco.com>,
Junio C Hamano <gitster@pobox.com>
Subject: [PATCH v3 12/22] prepare_{git,shell}_cmd: use argv_array
Date: Mon, 22 Feb 2016 17:44:39 -0500 [thread overview]
Message-ID: <20160222224439.GL10075@sigill.intra.peff.net> (raw)
In-Reply-To: <20160222224059.GA3857@sigill.intra.peff.net>
These functions transform an existing argv into one suitable
for exec-ing or spawning via git or a shell. We can use an
argv_array in each to avoid dealing with manual counting and
allocation.
This also makes the memory allocation more clear and fixes
some leaks. In prepare_shell_cmd, we would sometimes
allocate a new string with "$@" in it and sometimes not,
meaning the caller could not correctly free it. On the
non-Windows side, we are in a child process which will
exec() or exit() immediately, so the leak isn't a big deal.
On Windows, though, we use spawn() from the parent process,
and leak a string for each shell command we run. On top of
that, the Windows code did not free the allocated argv array
at all (but does for the prepare_git_cmd case!).
By switching both of these functions to write into an
argv_array, we can consistently free the result as
appropriate.
Signed-off-by: Jeff King <peff@peff.net>
---
exec_cmd.c | 28 +++++++++++-----------------
exec_cmd.h | 4 +++-
run-command.c | 60 +++++++++++++++++++++++++----------------------------------
3 files changed, 39 insertions(+), 53 deletions(-)
diff --git a/exec_cmd.c b/exec_cmd.c
index e85f0fd..cf442a9 100644
--- a/exec_cmd.c
+++ b/exec_cmd.c
@@ -1,6 +1,7 @@
#include "cache.h"
#include "exec_cmd.h"
#include "quote.h"
+#include "argv-array.h"
#define MAX_ARGS 32
static const char *argv_exec_path;
@@ -107,32 +108,25 @@ void setup_path(void)
strbuf_release(&new_path);
}
-const char **prepare_git_cmd(const char **argv)
+const char **prepare_git_cmd(struct argv_array *out, const char **argv)
{
- int argc;
- const char **nargv;
-
- for (argc = 0; argv[argc]; argc++)
- ; /* just counting */
- nargv = xmalloc(sizeof(*nargv) * (argc + 2));
-
- nargv[0] = "git";
- for (argc = 0; argv[argc]; argc++)
- nargv[argc + 1] = argv[argc];
- nargv[argc + 1] = NULL;
- return nargv;
+ argv_array_push(out, "git");
+ argv_array_pushv(out, argv);
+ return out->argv;
}
int execv_git_cmd(const char **argv) {
- const char **nargv = prepare_git_cmd(argv);
- trace_argv_printf(nargv, "trace: exec:");
+ struct argv_array nargv = ARGV_ARRAY_INIT;
+
+ prepare_git_cmd(&nargv, argv);
+ trace_argv_printf(nargv.argv, "trace: exec:");
/* execvp() can only ever return if it fails */
- sane_execvp("git", (char **)nargv);
+ sane_execvp("git", (char **)nargv.argv);
trace_printf("trace: exec failed: %s\n", strerror(errno));
- free(nargv);
+ argv_array_clear(&nargv);
return -1;
}
diff --git a/exec_cmd.h b/exec_cmd.h
index 93b0c02..1f6b433 100644
--- a/exec_cmd.h
+++ b/exec_cmd.h
@@ -1,11 +1,13 @@
#ifndef GIT_EXEC_CMD_H
#define GIT_EXEC_CMD_H
+struct argv_array;
+
extern void git_set_argv_exec_path(const char *exec_path);
extern const char *git_extract_argv0_path(const char *path);
extern const char *git_exec_path(void);
extern void setup_path(void);
-extern const char **prepare_git_cmd(const char **argv);
+extern const char **prepare_git_cmd(struct argv_array *out, const char **argv);
extern int execv_git_cmd(const char **argv); /* NULL terminated */
LAST_ARG_MUST_BE_NULL
extern int execl_git_cmd(const char *cmd, ...);
diff --git a/run-command.c b/run-command.c
index cdf0184..019f6d1 100644
--- a/run-command.c
+++ b/run-command.c
@@ -160,50 +160,41 @@ int sane_execvp(const char *file, char * const argv[])
return -1;
}
-static const char **prepare_shell_cmd(const char **argv)
+static const char **prepare_shell_cmd(struct argv_array *out, const char **argv)
{
- int argc, nargc = 0;
- const char **nargv;
-
- for (argc = 0; argv[argc]; argc++)
- ; /* just counting */
- /* +1 for NULL, +3 for "sh -c" plus extra $0 */
- nargv = xmalloc(sizeof(*nargv) * (argc + 1 + 3));
-
- if (argc < 1)
+ if (!argv[0])
die("BUG: shell command is empty");
if (strcspn(argv[0], "|&;<>()$`\\\"' \t\n*?[#~=%") != strlen(argv[0])) {
#ifndef GIT_WINDOWS_NATIVE
- nargv[nargc++] = SHELL_PATH;
+ argv_array_push(out, SHELL_PATH);
#else
- nargv[nargc++] = "sh";
+ argv_array_push(out, "sh");
#endif
- nargv[nargc++] = "-c";
-
- if (argc < 2)
- nargv[nargc++] = argv[0];
- else {
- struct strbuf arg0 = STRBUF_INIT;
- strbuf_addf(&arg0, "%s \"$@\"", argv[0]);
- nargv[nargc++] = strbuf_detach(&arg0, NULL);
- }
- }
+ argv_array_push(out, "-c");
- for (argc = 0; argv[argc]; argc++)
- nargv[nargc++] = argv[argc];
- nargv[nargc] = NULL;
+ /*
+ * If we have no extra arguments, we do not even need to
+ * bother with the "$@" magic.
+ */
+ if (!argv[1])
+ argv_array_push(out, argv[0]);
+ else
+ argv_array_pushf(out, "%s \"$@\"", argv[0]);
+ }
- return nargv;
+ argv_array_pushv(out, argv);
+ return out->argv;
}
#ifndef GIT_WINDOWS_NATIVE
static int execv_shell_cmd(const char **argv)
{
- const char **nargv = prepare_shell_cmd(argv);
- trace_argv_printf(nargv, "trace: exec:");
- sane_execvp(nargv[0], (char **)nargv);
- free(nargv);
+ struct argv_array nargv = ARGV_ARRAY_INIT;
+ prepare_shell_cmd(&nargv, argv);
+ trace_argv_printf(nargv.argv, "trace: exec:");
+ sane_execvp(nargv.argv[0], (char **)nargv.argv);
+ argv_array_clear(&nargv);
return -1;
}
#endif
@@ -457,6 +448,7 @@ fail_pipe:
{
int fhin = 0, fhout = 1, fherr = 2;
const char **sargv = cmd->argv;
+ struct argv_array nargv = ARGV_ARRAY_INIT;
if (cmd->no_stdin)
fhin = open("/dev/null", O_RDWR);
@@ -482,9 +474,9 @@ fail_pipe:
fhout = dup(cmd->out);
if (cmd->git_cmd)
- cmd->argv = prepare_git_cmd(cmd->argv);
+ cmd->argv = prepare_git_cmd(&nargv, cmd->argv);
else if (cmd->use_shell)
- cmd->argv = prepare_shell_cmd(cmd->argv);
+ cmd->argv = prepare_shell_cmd(&nargv, cmd->argv);
cmd->pid = mingw_spawnvpe(cmd->argv[0], cmd->argv, (char**) cmd->env,
cmd->dir, fhin, fhout, fherr);
@@ -494,9 +486,7 @@ fail_pipe:
if (cmd->clean_on_exit && cmd->pid >= 0)
mark_child_for_cleanup(cmd->pid);
- if (cmd->git_cmd)
- free(cmd->argv);
-
+ argv_array_clear(&nargv);
cmd->argv = sargv;
if (fhin != 0)
close(fhin);
--
2.7.2.645.g4e1306c
next prev parent reply other threads:[~2016-02-22 22:44 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-15 21:45 [PATCH 0/18] hardening allocations against integer overflow Jeff King
2016-02-15 21:49 ` [PATCH 01/18] add helpers for detecting size_t overflow Jeff King
2016-02-15 21:49 ` [PATCH 02/18] tree-diff: catch integer overflow in combine_diff_path allocation Jeff King
2016-02-15 21:50 ` [PATCH 03/18] harden REALLOC_ARRAY and xcalloc against size_t overflow Jeff King
2016-02-15 21:50 ` [PATCH 04/18] add helpers for allocating flex-array structs Jeff King
2016-02-16 1:47 ` Eric Sunshine
2016-02-16 2:52 ` Jeff King
2016-02-15 21:51 ` [PATCH 05/18] convert trivial cases to ALLOC_ARRAY Jeff King
2016-02-16 4:22 ` Eric Sunshine
2016-02-16 4:23 ` Jeff King
2016-02-16 4:32 ` Eric Sunshine
2016-02-16 5:46 ` Jeff King
2016-02-15 21:52 ` [PATCH 06/18] use xmallocz to avoid size arithmetic Jeff King
2016-02-15 21:52 ` [PATCH 07/18] convert trivial cases to FLEX_ARRAY macros Jeff King
2016-02-16 2:17 ` Eric Sunshine
2016-02-16 3:15 ` Jeff King
2016-02-16 3:26 ` Jeff King
2016-02-16 3:36 ` Jeff King
2016-02-16 4:18 ` Eric Sunshine
2016-02-16 4:22 ` Jeff King
2016-02-16 4:10 ` Eric Sunshine
2016-02-15 21:53 ` [PATCH 08/18] use st_add and st_mult for allocation size computation Jeff King
2016-02-16 5:47 ` Eric Sunshine
2016-02-15 21:53 ` [PATCH 09/18] write_untracked_extension: use FLEX_ALLOC helper Jeff King
2016-02-15 21:54 ` [PATCH 10/18] fast-import: simplify allocation in start_packfile Jeff King
2016-02-15 21:54 ` [PATCH 11/18] fetch-pack: simplify add_sought_entry Jeff King
2016-02-15 21:55 ` [PATCH 12/18] test-path-utils: fix normalize_path_copy output buffer size Jeff King
2016-02-15 21:56 ` [PATCH 13/18] sequencer: simplify memory allocation of get_message Jeff King
2016-02-16 6:05 ` Eric Sunshine
2016-02-15 21:56 ` [PATCH 14/18] git-compat-util: drop mempcpy compat code Jeff King
2016-02-16 6:05 ` Eric Sunshine
2016-02-15 21:56 ` [PATCH 15/18] transport_anonymize_url: use xstrfmt Jeff King
2016-02-15 21:56 ` [PATCH 16/18] diff_populate_gitlink: use a strbuf Jeff King
2016-02-15 21:57 ` [PATCH 17/18] convert ewah/bitmap code to use xmalloc Jeff King
2016-02-15 21:57 ` [PATCH 18/18] ewah: convert to REALLOC_ARRAY, etc Jeff King
2016-02-15 22:02 ` [PATCH 0/18] hardening allocations against integer overflow Jeff King
2016-02-19 11:19 ` [PATCH v2 0/21] " Jeff King
2016-02-19 11:21 ` [PATCH 01/21] reflog_expire_cfg: NUL-terminate pattern field Jeff King
2016-02-19 11:21 ` [PATCH 02/21] add helpers for detecting size_t overflow Jeff King
2016-02-19 11:21 ` [PATCH 03/21] tree-diff: catch integer overflow in combine_diff_path allocation Jeff King
2016-02-19 11:22 ` [PATCH 04/21] harden REALLOC_ARRAY and xcalloc against size_t overflow Jeff King
2016-02-20 21:32 ` René Scharfe
2016-02-21 23:30 ` Jeff King
2016-02-19 11:22 ` [PATCH 05/21] add helpers for allocating flex-array structs Jeff King
2016-02-19 11:23 ` [PATCH 06/21] convert manual allocations to argv_array Jeff King
2016-02-20 8:07 ` Eric Sunshine
2016-02-20 8:10 ` Jeff King
2016-02-20 8:29 ` Eric Sunshine
2016-02-20 8:34 ` Jeff King
2016-02-20 8:39 ` Eric Sunshine
2016-02-20 8:57 ` Jeff King
2016-02-20 9:04 ` Eric Sunshine
2016-02-19 11:23 ` [PATCH 07/21] convert trivial cases to ALLOC_ARRAY Jeff King
2016-02-19 11:23 ` [PATCH 08/21] use xmallocz to avoid size arithmetic Jeff King
2016-02-19 11:23 ` [PATCH 09/21] convert trivial cases to FLEX_ARRAY macros Jeff King
2016-02-19 11:23 ` [PATCH 10/21] use st_add and st_mult for allocation size computation Jeff King
2016-02-19 11:24 ` [PATCH 11/21] prepare_{git,shell}_cmd: use argv_array Jeff King
2016-02-19 11:24 ` [PATCH 12/21] write_untracked_extension: use FLEX_ALLOC helper Jeff King
2016-02-19 11:24 ` [PATCH 13/21] fast-import: simplify allocation in start_packfile Jeff King
2016-02-19 17:48 ` Junio C Hamano
2016-02-19 19:12 ` Jeff King
2016-02-19 11:24 ` [PATCH 14/21] fetch-pack: simplify add_sought_entry Jeff King
2016-02-19 11:24 ` [PATCH 15/21] test-path-utils: fix normalize_path_copy output buffer size Jeff King
2016-02-19 11:25 ` [PATCH 16/21] sequencer: simplify memory allocation of get_message Jeff King
2016-02-19 11:25 ` [PATCH 17/21] git-compat-util: drop mempcpy compat code Jeff King
2016-02-19 11:25 ` [PATCH 18/21] transport_anonymize_url: use xstrfmt Jeff King
2016-02-19 11:25 ` [PATCH 19/21] diff_populate_gitlink: use a strbuf Jeff King
2016-02-19 11:25 ` [PATCH 20/21] convert ewah/bitmap code to use xmalloc Jeff King
2016-02-19 11:25 ` [PATCH 21/21] ewah: convert to REALLOC_ARRAY, etc Jeff King
2016-02-22 22:41 ` [PATCH v3 0/22] hardening allocations against integer overflow Jeff King
2016-02-22 22:43 ` [PATCH v3 01/22] reflog_expire_cfg: NUL-terminate pattern field Jeff King
2016-02-22 22:43 ` [PATCH v3 02/22] add helpers for detecting size_t overflow Jeff King
2016-02-22 22:43 ` [PATCH v3 03/22] tree-diff: catch integer overflow in combine_diff_path allocation Jeff King
2016-02-22 22:43 ` [PATCH v3 04/22] harden REALLOC_ARRAY and xcalloc against size_t overflow Jeff King
2016-02-22 22:43 ` [PATCH v3 05/22] add helpers for allocating flex-array structs Jeff King
2016-02-22 22:44 ` [PATCH v3 06/22] argv-array: add detach function Jeff King
2016-02-22 22:44 ` [PATCH v3 07/22] convert manual allocations to argv_array Jeff King
2016-02-22 22:44 ` [PATCH v3 08/22] convert trivial cases to ALLOC_ARRAY Jeff King
2016-02-22 22:44 ` [PATCH v3 09/22] use xmallocz to avoid size arithmetic Jeff King
2016-02-22 22:44 ` [PATCH v3 10/22] convert trivial cases to FLEX_ARRAY macros Jeff King
2016-02-22 22:44 ` [PATCH v3 11/22] use st_add and st_mult for allocation size computation Jeff King
2016-02-22 22:44 ` Jeff King [this message]
2016-02-22 22:44 ` [PATCH v3 13/22] write_untracked_extension: use FLEX_ALLOC helper Jeff King
2016-02-22 22:44 ` [PATCH v3 14/22] fast-import: simplify allocation in start_packfile Jeff King
2016-02-22 22:44 ` [PATCH v3 15/22] fetch-pack: simplify add_sought_entry Jeff King
2016-02-22 22:44 ` [PATCH v3 16/22] test-path-utils: fix normalize_path_copy output buffer size Jeff King
2016-02-22 22:44 ` [PATCH v3 17/22] sequencer: simplify memory allocation of get_message Jeff King
2016-02-22 22:45 ` [PATCH v3 18/22] git-compat-util: drop mempcpy compat code Jeff King
2016-02-22 22:45 ` [PATCH v3 19/22] transport_anonymize_url: use xstrfmt Jeff King
2016-02-22 22:45 ` [PATCH v3 20/22] diff_populate_gitlink: use a strbuf Jeff King
2016-02-22 22:45 ` [PATCH v3 21/22] convert ewah/bitmap code to use xmalloc Jeff King
2016-02-22 22:45 ` [PATCH v3 22/22] ewah: convert to REALLOC_ARRAY, etc Jeff King
2016-02-22 23:08 ` [PATCH v3 0/22] hardening allocations against integer overflow Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160222224439.GL10075@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).