From: Junio C Hamano <junkio@cox.net>
To: Andy Whitcroft <apw@shadowen.org>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] git name-rev writes beyond the end of malloc() with large generations
Date: Tue, 15 May 2007 12:09:08 -0700 [thread overview]
Message-ID: <7vps51j44r.fsf@assigned-by-dhcp.cox.net> (raw)
In-Reply-To: <2be2ad34be511217dc735a15490f4536@pinky> (Andy Whitcroft's message of "Tue, 15 May 2007 17:33:25 +0100")
Andy Whitcroft <apw@shadowen.org> writes:
> When using git name-rev on my kernel tree I triggered a malloc()
> corruption warning from glibc.
>
> apw@pinky$ git log --pretty=one $N/base.. | git name-rev --stdin
> *** glibc detected *** malloc(): memory corruption: 0x0bff8950 ***
> Aborted
>
> This comes from name_rev() which is building the name of the revision
> in a malloc'd string, which it sprintf's into:
>
> char *new_name = xmalloc(len + 8);
> [...]
> sprintf(new_name, "%.*s~%d^%d", len, tip_name,
> generation, parent_number);
>
> This allocation is only sufficient if the generation number is
> less than 5 digits, in my case generation was 13432. In reality
> parent_number can be up to 16 so that also can require two digits,
> reducing us to 3 digits before we are at risk of blowing this
> allocation.
>
> This patch introduces a decimal_length() which approximates the
> number of digits a type may hold, it produces the following:
> ...
Does this attempt to cramp down to what's only necessary really
matter in practice in the light of malloc overhead?
It does futureproof against an insanely long "long long" on
future architectures, but I am not sure if we care either. Why
not just raise 8 to 25 or something and be done with it?
> diff --git a/git-compat-util.h b/git-compat-util.h
> index c08688c..25b8274 100644
> --- a/git-compat-util.h
> +++ b/git-compat-util.h
> @@ -19,6 +19,9 @@
> #define TYPEOF(x)
> #endif
>
> +/* Approximation of the length of the decimal representation of this type. */
> +#define decimal_length(x) ((int)(sizeof(x) * 2.56 + 0.5) + 1)
> +
> #define MSB(x, bits) ((x) & TYPEOF(x)(~0ULL << (sizeof(x) * 8 - (bits))))
>
> #if !defined(__APPLE__) && !defined(__FreeBSD__)
Having said that, clever and clean math and use of compiler's
ability always attracts me, so maybe I would end up applying
this as is.
prev parent reply other threads:[~2007-05-15 19:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-15 16:33 [PATCH] git name-rev writes beyond the end of malloc() with large generations Andy Whitcroft
2007-05-15 19:09 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vps51j44r.fsf@assigned-by-dhcp.cox.net \
--to=junkio@cox.net \
--cc=apw@shadowen.org \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).