From: Eric Sunshine <sunshine@sunshineco.com>
To: "Martin Ågren" <martin.agren@gmail.com>
Cc: Git List <git@vger.kernel.org>, Emily Shaffer <emilyshaffer@google.com>
Subject: Re: [PATCH] progress: don't dereference before checking for NULL
Date: Mon, 10 Aug 2020 17:26:59 -0400 [thread overview]
Message-ID: <CAPig+cTsxAW=s1iXcK_-Kn+xiSNCm_u_o_Q2xm-0+a_v4qc5_w@mail.gmail.com> (raw)
In-Reply-To: <20200810194748.1483784-1-martin.agren@gmail.com>
On Mon, Aug 10, 2020 at 3:48 PM Martin Ågren <martin.agren@gmail.com> wrote:
> In `stop_progress()`, we're careful to check that `p_progress` is
> non-NULL before we dereference it, but by then we have already
> dereferenced it when calling `finish_if_sparse(*p_progress)`. And, for
> what it's worth, we'll go on to blindly dereference it again inside
> `stop_progress_msg()`.
>
> We could return early if we get a NULL-pointer, but let's go one step
> further and BUG instead. The progress API handles NULL just fine, but
> that's the NULL-ness of `*p_progress`, e.g., when running with
> `--no-progress`. If `p_progress` is NULL, chances are that's a mistake.
> For symmetry, let's do the same check in `stop_progress_msg()`, too.
>
> Signed-off-by: Martin Ågren <martin.agren@gmail.com>
> ---
> diff --git a/progress.c b/progress.c
> @@ -319,9 +319,12 @@ static void finish_if_sparse(struct progress *progress)
> void stop_progress(struct progress **p_progress)
> {
> + if (!p_progress)
> + BUG("don't provide NULL to stop_progress");
> +
> finish_if_sparse(*p_progress);
I'm wondering what this really buys us over simply crashing due to the
NULL dereference (aside from the slightly more informative diagnostic
message). Either way, it's going to crash, as it should because
passing NULL is indeed a programmer error for these two functions. I'm
pretty sure that it is more common in this project simply to allow a
programmer error like this simply to crash on its own rather than
adding code to make it crash explicitly.
> - if (p_progress && *p_progress) {
> + if (*p_progress) {
In other words, I think the entire patch can be reduced to just this
change here (and a simplified commit message).
next prev parent reply other threads:[~2020-08-10 21:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-10 19:47 [PATCH] progress: don't dereference before checking for NULL Martin Ågren
2020-08-10 21:26 ` Eric Sunshine [this message]
2020-08-11 4:28 ` Martin Ågren
2020-08-11 15:41 ` Taylor Blau
2020-08-10 21:57 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPig+cTsxAW=s1iXcK_-Kn+xiSNCm_u_o_Q2xm-0+a_v4qc5_w@mail.gmail.com' \
--to=sunshine@sunshineco.com \
--cc=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=martin.agren@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).