From: Erik Faye-Lund <kusmabite@gmail.com>
To: Brandon Casey <drafnel@gmail.com>
Cc: Johannes Sixt <j.sixt@viscovery.net>,
"peff@peff.net" <peff@peff.net>,
"git@vger.kernel.org" <git@vger.kernel.org>,
"gitster@pobox.com" <gitster@pobox.com>,
"sunshine@sunshineco.com" <sunshine@sunshineco.com>,
"bharrosh@panasas.com" <bharrosh@panasas.com>,
"trast@student.ethz.ch" <trast@student.ethz.ch>
Subject: Re: [PATCH 2/4] cleanup: use internal memory allocation wrapper functions everywhere
Date: Thu, 6 Oct 2011 18:50:59 +0200
Message-ID: <CABPQNSak_jDbNQhzMoSN=NdWmyby3xJRwED54Ck5H1Y12HoGCQ@mail.gmail.com>
In-Reply-To: <CA+sFfMf8_7ccC9kjEq=2NrehVgS=ahnQA8VibEF10VaULot7=A@mail.gmail.com>

On Thu, Oct 6, 2011 at 6:14 PM, Brandon Casey <drafnel@gmail.com> wrote:
> [removed Alexey Shumkin from cc]
>
> On Thu, Oct 6, 2011 at 1:17 AM, Johannes Sixt <j.sixt@viscovery.net> wrote:
>> On 10/6/2011 4:00, Brandon Casey wrote:
>>> [resend without html bits added by "gmail offline"]
>>> On Wed, Oct 5, 2011 at 7:53 PM, Brandon Casey <drafnel@gmail.com> wrote:
>>>> On Thursday, September 15, 2011, Brandon Casey wrote:
>>>>>
>>>>> On Thu, Sep 15, 2011 at 1:52 AM, Johannes Sixt <j.sixt@viscovery.net>
>>>>>> There is a danger that the high-level die() routine (which is used by the
>>>>>> x-wrappers) uses one of the low-level compat/ routines. IOW, in the case
>>>>>> of errors, recursion might occur. Therefore, I would prefer that the
>>>>>> compat/ routines do their own error reporting (preferably via return
>>>>>> values and errno).
>>>>>
>>>>> Thanks. Will do.
>>>>
>>>> Hi Johannes,
>>>> I have taken a closer look at the possibility of recursion with respect to
>>>> die() and the functions in compat/. It appears the risk is only related to
>>>> vsnprintf/snprintf at the moment. So as long as we avoid calling xmalloc et
>>>> al from within snprintf.c, I think we should be safe from recursion.
>>>> I'm inclined to keep the additions to mingw.c and win32/syslog.c since they
>>>> both already use the x-wrappers or strbuf, even though they could easily be
>>>> worked around. The other file that was touched is compat/qsort, which
>>>> returns void and doesn't have a good alternative error handling path. So,
>>>> I'm inclined to keep that one too.
>>
>> I'm fine with keeping the change to mingw.c (getaddrinfo related) and
>> qsort: both are unlikely to be called from die().
>>
>> But syslog() *is* called from die() in git-daemon, and it would be better
>> to back out the other offenders instead of adding to them.
>
> Ah. Yes, you're right. x-wrappers should not be used in syslog.c and
> the use of strbuf's should be replaced.

Good point. The patch for this looks something like this:

diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c
index 42b95a9..243538c 100644
--- a/compat/win32/syslog.c
+++ b/compat/win32/syslog.c
@@ -1,5 +1,4 @@
#include "../../git-compat-util.h"
-#include "../../strbuf.h"
static HANDLE ms_eventlog;
@@ -16,13 +15,8 @@ void openlog(const char *ident, int logopt, int facility)
void syslog(int priority, const char *fmt, ...)
{
- struct strbuf sb = STRBUF_INIT;
- struct strbuf_expand_dict_entry dict[] = {
- {"1", "% 1"},
- {NULL, NULL}
- };
WORD logtype;
- char *str;
+ char *str, *pos;
int str_len;
va_list ap;
@@ -39,11 +33,20 @@ void syslog(int priority, const char *fmt, ...)
}
str = malloc(str_len + 1);
+ if (!str)
+ return; /* no chance to report error */
+
va_start(ap, fmt);
vsnprintf(str, str_len + 1, fmt, ap);
va_end(ap);
- strbuf_expand(&sb, str, strbuf_expand_dict_cb, &dict);
- free(str);
+
+ while ((pos = strstr(str, "%1")) != NULL) {
+ str = realloc(str, ++str_len + 1);
+ if (!str)
+ return;
+ memmove(pos + 2, pos + 1, strlen(pos));
+ pos[1] = ' ';
+ }
switch (priority) {
case LOG_EMERG:
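Review bot: In the new while loop, pos is obtained from strstr() before str = realloc(str, ++str_len + 1), so when realloc() moves the block, the following memmove(pos + 2, pos + 1, strlen(pos)) and pos[1] = ' ' write through a pointer into freed memory. Save the offset (pos - str) before the realloc() and recompute pos from the new str afterwards. Assigning realloc()'s result straight back to str also loses the original buffer on failure, so the early return leaks it; take the result in a temporary and free(str) on that path. The loop rescans from the start of str on every pass; resuming the search just past the inserted space would avoid the repeated scans.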
@@ -66,7 +69,5 @@ void syslog(int priority, const char *fmt, ...)
}
ReportEventA(ms_eventlog, logtype, 0, 0, NULL, 1, 0,
- (const char **)&sb.buf, NULL);
-
- strbuf_release(&sb);
+ (const char **)&str, NULL);
}
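Review bot: After the ReportEventA() call at the end of syslog(), str is never freed: the earlier hunk removes free(str) along with strbuf_expand(), and this one removes strbuf_release(&sb) without adding a replacement, so every call leaks the formatted message. Add free(str); after ReportEventA() returns.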