From: Jeff King <peff@peff.net>
To: 胡哲宁 <adlternative@gmail.com>
Cc: "Junio C Hamano" <gitster@pobox.com>,
"阿德烈 via GitGitGadget" <gitgitgadget@gmail.com>,
"Git List" <git@vger.kernel.org>
Subject: Re: [PATCH] strbuf.c: optimize program logic
Date: Sat, 30 Jan 2021 03:50:47 -0500 [thread overview]
Message-ID: <YBUd504cLUJTLEQY@coredump.intra.peff.net> (raw)
In-Reply-To: <CAOLTT8RroMdaty-SwAfK3OSeuFA7PE6ZhPCL4vgrxFxNihdGbQ@mail.gmail.com>
On Fri, Jan 29, 2021 at 02:09:12PM +0800, 胡哲宁 wrote:
> > I'm not sure that strbuf_grow() is safe, though. It relies on
> > ALLOC_GROW, which does not use st_add(), etc.
> >
> I want to say is that `strbuf_grow()` have checked overflow before
> `ALLOC_GROW`,so that `strbuf_grow()`is maybe also safe too? :)
> void strbuf_grow(struct strbuf *sb, size_t extra)
> {
> int new_buf = !sb->alloc;
> if (unsigned_add_overflows(extra, 1) ||
> unsigned_add_overflows(sb->len, extra + 1))
> die("you want to use way too much memory");
> ...
Oh, you're right. I misread it as checking only "extra", but of course
the second line there is making sure our total requested size does not
overflow.
I do think ALLOC_GROW() could still overflow internally as it sizes
larger than sb->len + extra. But this is quite unlikely on a 64-bit
system, as it would imply we're using on the order of 2^63 bytes of RAM
before we enter the function. It potentially could be a problem on a
32-bit system, though I'm not sure how much in practice (the numbers are
small enough to be reasonable, but I'm not sure it's realistic that a
single strbuf could already be using half of the available address
space).
-Peff
prev parent reply other threads:[~2021-01-30 9:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-26 5:06 [PATCH] strbuf.c: optimize program logic 阿德烈 via GitGitGadget
2021-01-26 6:17 ` Junio C Hamano
2021-01-26 10:44 ` 胡哲宁
2021-01-26 18:47 ` Junio C Hamano
2021-01-26 18:23 ` Jeff King
2021-01-26 20:15 ` Junio C Hamano
2021-01-29 6:09 ` 胡哲宁
2021-01-30 8:50 ` Jeff King [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YBUd504cLUJTLEQY@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=adlternative@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).