From: Derrick Stolee <derrickstolee@github.com>
To: Carlo Arenas <carenas@gmail.com>, Matheus Valadares <me@m28.io>
Cc: Johannes.Schindelin@gmx.de, git@vger.kernel.org, gitster@pobox.com
Subject: Re: [PATCH] setup: avoid uninitialized use of is_safe in ensure_valid_ownership
Date: Wed, 27 Apr 2022 10:04:49 -0400 [thread overview]
Message-ID: <2ac40f33-8144-e1a1-c3a2-bb9f818287f8@github.com> (raw)
In-Reply-To: <CAPUEspgf_PpjjrGaAqeE50fWYeCqevQRGutocNOA4gyYzQzFsA@mail.gmail.com>
On 4/27/2022 5:16 AM, Carlo Arenas wrote:
> On Wed, Apr 27, 2022 at 1:33 AM Matheus Valadares <me@m28.io> wrote:
>>
>> C99 standard §6.7.8 (Initialization)/21,
>>
>> If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, or fewer characters in a string literal used to initialize an array of known size than there are elements in the array, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.
>
> Thanks, I will include the change to remove the path initializer and
> add instead the is_safe one as part of my bigger change, but FWIW the
> following doesn't even trigger a warning with the highest level we
> have with neither a recent clang or gcc or even the cppcheck static
> analyzer, but leave and uses is_safe uninitialized.
>
> diff --git a/setup.c b/setup.c
> index 17c7f5fc1dc..28d008145fa 100644
> --- a/setup.c
> +++ b/setup.c
> @@ -1122,7 +1122,9 @@ static int safe_directory_cb(const char *key,
> const char *value, void *d)
>
> static int ensure_valid_ownership(const char *path)
> {
> - struct safe_directory_data data = { .path = path, .is_safe = 0 };
Here, we are using an initializer, which guarantees that the unmentioned
members are set to zeroes.
> + struct safe_directory_data data;
Here, you are not using an initializer. The data could be anything, so
is not safe.
> +
> + data.path = path;
Initializing individual members like this afterwards is not safe unless
you set all members individually.
That is why we use the "= { ... }" pattern throughout the codebase.
Sometimes it is simplified to just "= { 0 }" to make sure that the first
member is mentioned as zero and the remaining members are also set to
zero as specified in the standard.
Thanks,
-Stolee
next prev parent reply other threads:[~2022-04-27 14:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-27 8:04 [PATCH] setup: avoid uninitialized use of is_safe in ensure_valid_ownership Carlo Marcelo Arenas Belón
[not found] ` <CA+zfrf-6c7BG-PDehHKh6_8zWdu=NeM9gL6zN8Ug+oT9fAOfqw@mail.gmail.com>
2022-04-27 8:31 ` Carlo Arenas
[not found] ` <CA+zfrf_mHfDXk-1VhU564YeCTW7rgDeeuORdTT61LkTESmC5Og@mail.gmail.com>
2022-04-27 9:16 ` Carlo Arenas
2022-04-27 14:04 ` Derrick Stolee [this message]
2022-04-27 16:35 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ac40f33-8144-e1a1-c3a2-bb9f818287f8@github.com \
--to=derrickstolee@github.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=me@m28.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).