From: Junio C Hamano <gitster@pobox.com>
To: Bill Lear <rael@zopyra.com>
Cc: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, git@vger.kernel.org
Subject: Re: [PATCH 1/4] Add xmallocz()
Date: Tue, 26 Jan 2010 12:47:02 -0800 [thread overview]
Message-ID: <7v1vhczj95.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <19295.21148.182245.516321@blake.zopyra.com> (Bill Lear's message of "Tue\, 26 Jan 2010 14\:37\:48 -0600")
Bill Lear <rael@zopyra.com> writes:
> On Tuesday, January 26, 2010 at 20:24:12 (+0200) Ilari Liusvaara writes:
>>Add routine for allocating NUL-terminated memory block without risking
>>integer overflow in addition of +1 for NUL byte.
>>...
>> void *xmemdupz(const void *data, size_t len)
>> {
>>- char *p = xmalloc(len + 1);
>>+ char *p = xmallocz(len);
>> memcpy(p, data, len);
>> p[len] = '\0';
>> return p;
>
> Do you need the statement
>
> p[len] = '\0';
>
> any longer in the above? If not, could you just do this:
>
> void *xmemdupz(const void *data, size_t len)
> {
> return memcpy(xmallocz(len), data, len);
> }
I think the intention to name it xmallocz() was "This is to allocate
buffer to hold 'len' bytes worth of stuff, and between the caller and this
function the buffer is arranged to be NUL terminated". Even though none
of the existing callers of xmalloc() expected the function to do the NUL
termination (hence they do NUL termination themselves), I _think_ Ilari
made the function to do this because its name now ends with "z" that hints
the callers such a NUL-termination might happen inside the function.
I'd rather see the function lose the NUL termination; if that makes the
behaviour inconsistent with its name, perhaps it is better to rename the
function; perhaps xmalloc1() to denote that it overallocates by one?
next prev parent reply other threads:[~2010-01-26 20:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-26 18:24 [PATCH 0/4] Fix various integer overflows Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 1/4] Add xmallocz() Ilari Liusvaara
2010-01-26 20:37 ` Bill Lear
2010-01-26 20:47 ` Junio C Hamano [this message]
2010-01-26 20:52 ` Junio C Hamano
2010-01-26 21:13 ` Ilari Liusvaara
2010-01-26 20:56 ` Bill Lear
2010-01-26 18:24 ` [PATCH 2/4] Fix integer overflow in patch_delta() Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 3/4] Fix integer overflow in unpack_sha1_rest() Ilari Liusvaara
2010-01-26 18:24 ` [PATCH 4/4] Fix integer overflow in unpack_compressed_entry() Ilari Liusvaara
2010-01-26 19:58 ` [PATCH 0/4] Fix various integer overflows Junio C Hamano
2010-01-27 8:59 ` Stephen R. van den Berg
2010-01-27 9:57 ` Ilari Liusvaara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7v1vhczj95.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=ilari.liusvaara@elisanet.fi \
--cc=rael@zopyra.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).