Git development
 help / color / mirror / Atom feed
From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>
Cc: Johannes Sixt <j6t@kdbg.org>,
	git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH 10/26] Check for EOF while parsing mails
Date: Fri, 28 Apr 2017 15:33:41 +0200 (CEST)	[thread overview]
Message-ID: <alpine.DEB.2.20.1704281346480.3480@virtualbox> (raw)
In-Reply-To: <20170428112002.tjkcjjdfqenl2aie@sigill.intra.peff.net>

Hi Peff,

On Fri, 28 Apr 2017, Jeff King wrote:

> On Fri, Apr 28, 2017 at 12:41:02PM +0200, Johannes Schindelin wrote:
> 
> > But then, I guess I misunderstood what Coverity complained about:
> > maybe the problem was not so much the isspace() call but that EOF is
> > not being handled correctly. We pass it, unchecked, to ungetc().
> > 
> > It appears that I (or Coverity, if you will), missed another instance
> > where we simply passed EOF unchecked to ungetc().
> 
> I think that is also fine according to the standard.
> 
> Do you happen to have the exact error from Coverity?

Wow, that was unnecessarily hard. It is a major hassle to get to any
scan other than the latest one.

But I did it. Call me tenatious.

The report says this:

233        do {
   2. negative_return_fn: Function mingw_fgetc(f) returns a negative number.
   3. var_assign: Assigning: signed variable peek = mingw_fgetc.
234                peek = fgetc(f);
   CID 1049734: Negative array index read (NEGATIVE_RETURNS)
   4.  negative_returns: Using variable peek as an index to array sane_ctype.
235        } while (isspace(peek));
236        ungetc(peek, f);

So part of the thing is that we use mingw_fgetc() instead of fgetc().
However, the return value is *still* the one from the "real" fgetc(), even
if we intercept what appears to be a Ctrl+C from an interactive console.

> I'm wondering if it is complaining about some aspect of our custom
> isspace() when used with EOF.

That would appear to be the real issue, yes, and I should have
double-checked the claim that POSIX isspace() handles EOF properly: we
override isspace() with our own version, after all:

	#define isspace(x) sane_istest(x,GIT_SPACE)

where

	#define sane_istest(x,mask) \
		((sane_ctype[(unsigned char)(x)] & (mask)) != 0)

(rewrapped for readability)

As usual, EOF is defined as -1 in Git for Windows' context, meaning that
we look at the last entry of the sane_ctype array, which returns 0 for any
sane_istest(x,mask) test for x >= 0x80:

        /* Nothing in the 128.. range */

So it would appear that it happens to work, but I doubt that it was
intentional.

Having said that, it is really curious why Coverity should get confused by
the code and not realize that casting a negative number to (unsigned char)
will make it valid as an index for the sane_ctype array.

I double-checked, and there is no override for the isspace() function in
what Coverity calls a "model file" (i.e. pseudo code intended to helping
Coverity realize where it can stop reporting false positives).

> > The next iteration will have it completely reworked: I no longer guard
> > the isspace() behind an `!= EOF` check, but rather handle an early EOF
> > as I think it should be handled. Extra eyes very welcome (this is the
> > fixup!  patch):
> 
> I do think handling EOF explicitly is probably a better strategy anyway,
> as it lets us tell when we have an empty patch.

I agree, I came to the same conclusion independently.

Ciao,
Dscho

  reply	other threads:[~2017-04-28 13:36 UTC|newest]

Thread overview: 178+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-26 20:19 [PATCH 00/26] Address a couple of issues identified by Coverity Johannes Schindelin
2017-04-26 20:19 ` [PATCH 01/26] mingw: avoid memory leak when splitting PATH Johannes Schindelin
2017-04-26 20:19 ` [PATCH 02/26] winansi: avoid use of uninitialized value Johannes Schindelin
2017-04-26 20:19 ` [PATCH 03/26] winansi: avoid buffer overrun Johannes Schindelin
2017-04-26 20:19 ` [PATCH 04/26] add_commit_patch_id(): avoid allocating memory unnecessarily Johannes Schindelin
2017-04-26 20:19 ` [PATCH 05/26] git_config_rename_section_in_file(): avoid resource leak Johannes Schindelin
2017-04-26 20:19 ` [PATCH 06/26] get_mail_commit_oid(): " Johannes Schindelin
2017-04-26 21:06   ` Stefan Beller
2017-04-27  5:53     ` Junio C Hamano
2017-04-28 13:39       ` Johannes Schindelin
2017-04-27  6:14   ` Johannes Sixt
2017-04-28 10:02     ` Johannes Schindelin
2017-04-26 20:19 ` [PATCH 07/26] http-backend: avoid memory leaks Johannes Schindelin
2017-04-27  6:00   ` Junio C Hamano
2017-04-28  9:40     ` Johannes Schindelin
2017-05-01  1:19       ` Junio C Hamano
2017-05-01 19:05         ` Johannes Schindelin
2017-04-26 20:19 ` [PATCH 08/26] difftool: close file descriptors after reading Johannes Schindelin
2017-04-27  6:05   ` Junio C Hamano
2017-04-28  9:51     ` Johannes Schindelin
2017-04-26 20:19 ` [PATCH 09/26] status: close file descriptor after reading git-rebase-todo Johannes Schindelin
2017-04-26 20:20 ` [PATCH 10/26] Check for EOF while parsing mails Johannes Schindelin
2017-04-27  6:07   ` Junio C Hamano
2017-04-28  9:55     ` Johannes Schindelin
2017-04-27  6:20   ` Johannes Sixt
2017-04-28 10:41     ` Johannes Schindelin
2017-04-28 11:20       ` Jeff King
2017-04-28 13:33         ` Johannes Schindelin [this message]
2017-04-28 13:45           ` Jeff King
2017-04-27  6:21   ` Jeff King
2017-04-28 10:44     ` Johannes Schindelin
2017-04-28 11:08       ` Jeff King
2017-04-28 13:37         ` Johannes Schindelin
2017-04-26 20:20 ` [PATCH 11/26] cat-file: fix memory leak Johannes Schindelin
2017-04-27  6:10   ` Junio C Hamano
2017-04-28  9:59     ` Johannes Schindelin
2017-04-26 20:20 ` [PATCH 12/26] checkout: " Johannes Schindelin
2017-04-27  6:40   ` Junio C Hamano
2017-04-28 10:51     ` Johannes Schindelin
2017-04-26 20:20 ` [PATCH 13/26] split_commit_in_progress(): " Johannes Schindelin
2017-04-26 20:20 ` [PATCH 14/26] setup_bare_git_dir(): " Johannes Schindelin
2017-04-26 21:20   ` Stefan Beller
2017-04-27 22:54     ` Johannes Schindelin
2017-04-27  6:27   ` Johannes Sixt
2017-04-27 22:57     ` Johannes Schindelin
2017-04-26 20:20 ` [PATCH 15/26] setup_discovered_git_dir(): " Johannes Schindelin
2017-04-26 20:20 ` [PATCH 16/26] pack-redundant: plug " Johannes Schindelin
2017-04-26 20:21 ` [PATCH 17/26] mktree: plug memory leaks reported by Coverity Johannes Schindelin
2017-04-26 20:21 ` [PATCH 18/26] fast-export: avoid leaking memory in handle_tag() Johannes Schindelin
2017-04-27 16:39   ` Johannes Sixt
2017-04-28 10:58     ` Johannes Schindelin
2017-04-26 20:21 ` [PATCH 19/26] receive-pack: plug memory leak in update() Johannes Schindelin
2017-04-26 20:21 ` [PATCH 20/26] line-log: avoid memory leak Johannes Schindelin
2017-04-27 17:14   ` Johannes Sixt
2017-04-28 11:02     ` Johannes Schindelin
2017-04-26 20:21 ` [PATCH 21/26] shallow: " Johannes Schindelin
2017-04-26 20:21 ` [PATCH 22/26] add_reflog_for_walk: " Johannes Schindelin
2017-04-27 17:24   ` Johannes Sixt
2017-04-28 11:33     ` Johannes Schindelin
2017-04-26 20:21 ` [PATCH 23/26] remote: plug memory leak in match_explicit() Johannes Schindelin
2017-04-26 20:21 ` [PATCH 24/26] name-rev: avoid leaking memory in the `deref` case Johannes Schindelin
2017-04-26 20:21 ` [PATCH 25/26] show_worktree(): plug memory leak Johannes Schindelin
2017-04-26 20:22 ` [PATCH 26/26] submodule_uses_worktrees(): " Johannes Schindelin
2017-04-26 21:34 ` [PATCH 00/26] Address a couple of issues identified by Coverity Stefan Beller
2017-04-27 22:50   ` Johannes Schindelin
2017-04-28 18:05     ` Stefan Beller
2017-04-28 20:29       ` Automating Coverity, was " Johannes Schindelin
2017-05-01 11:22         ` Lars Schneider
2017-05-02 11:46           ` Johannes Schindelin
2017-05-05 20:30         ` Johannes Schindelin
2017-05-10 19:48           ` Johannes Schindelin
2017-05-10 19:54             ` Stefan Beller
2017-05-11 11:33               ` Johannes Schindelin
2017-04-27 17:36 ` Johannes Sixt
2017-04-28 11:36   ` Johannes Schindelin
2017-04-28 13:49 ` [PATCH v2 00/25] " Johannes Schindelin
2017-04-28 13:49   ` [PATCH v2 01/25] mingw: avoid memory leak when splitting PATH Johannes Schindelin
2017-04-28 13:49   ` [PATCH v2 02/25] winansi: avoid use of uninitialized value Johannes Schindelin
2017-04-28 13:49   ` [PATCH v2 03/25] winansi: avoid buffer overrun Johannes Schindelin
2017-04-28 13:50   ` [PATCH v2 04/25] add_commit_patch_id(): avoid allocating memory unnecessarily Johannes Schindelin
2017-04-28 13:50   ` [PATCH v2 05/25] git_config_rename_section_in_file(): avoid resource leak Johannes Schindelin
2017-04-28 13:50   ` [PATCH v2 06/25] get_mail_commit_oid(): " Johannes Schindelin
2017-04-28 13:50   ` [PATCH v2 07/25] difftool: address a couple of resource/memory leaks Johannes Schindelin
2017-04-28 13:50   ` [PATCH v2 08/25] status: close file descriptor after reading git-rebase-todo Johannes Schindelin
2017-04-28 14:02   ` [PATCH v2 09/25] mailinfo & mailsplit: check for EOF while parsing Johannes Schindelin
2017-05-02  4:11     ` Junio C Hamano
2017-05-02 13:57       ` Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 10/25] cat-file: fix memory leak Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 11/25] checkout: " Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 12/25] split_commit_in_progress(): " Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 13/25] setup_bare_git_dir(): help static analysis Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 14/25] setup_discovered_git_dir(): " Johannes Schindelin
2017-05-02  3:57     ` Junio C Hamano
2017-05-02 12:38       ` Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 15/25] pack-redundant: plug memory leak Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 16/25] mktree: plug memory leaks reported by Coverity Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 17/25] fast-export: avoid leaking memory in handle_tag() Johannes Schindelin
2017-04-28 14:03   ` [PATCH v2 18/25] receive-pack: plug memory leak in update() Johannes Schindelin
2017-04-28 14:04   ` [PATCH v2 19/25] line-log: avoid memory leak Johannes Schindelin
2017-04-28 14:04   ` [PATCH v2 20/25] shallow: " Johannes Schindelin
2017-04-28 14:04   ` [PATCH v2 21/25] add_reflog_for_walk: " Johannes Schindelin
2017-04-28 14:04   ` [PATCH v2 22/25] remote: plug memory leak in match_explicit() Johannes Schindelin
2017-04-28 14:04   ` [PATCH v2 23/25] name-rev: avoid leaking memory in the `deref` case Johannes Schindelin
2017-05-02  3:26     ` Junio C Hamano
2017-05-02  3:42       ` Junio C Hamano
2017-05-02 14:00         ` Johannes Schindelin
2017-05-04  4:22           ` Junio C Hamano
2017-04-28 14:04   ` [PATCH v2 24/25] show_worktree(): plug memory leak Johannes Schindelin
2017-05-02  3:22     ` Junio C Hamano
2017-04-28 14:04   ` [PATCH v2 25/25] submodule_uses_worktrees(): " Johannes Schindelin
2017-05-02  3:17     ` Junio C Hamano
2017-05-02 16:00   ` [PATCH v3 00/25] Address a couple of issues identified by Coverity Johannes Schindelin
2017-05-02 16:00     ` [PATCH v3 01/25] mingw: avoid memory leak when splitting PATH Johannes Schindelin
2017-05-03 19:48       ` René Scharfe
2017-05-04 10:29         ` Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 02/25] winansi: avoid use of uninitialized value Johannes Schindelin
2017-05-03 19:48       ` René Scharfe
2017-05-04 10:23         ` Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 03/25] winansi: avoid buffer overrun Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 04/25] add_commit_patch_id(): avoid allocating memory unnecessarily Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 05/25] git_config_rename_section_in_file(): avoid resource leak Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 06/25] get_mail_commit_oid(): " Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 07/25] difftool: address a couple of resource/memory leaks Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 08/25] status: close file descriptor after reading git-rebase-todo Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 09/25] mailinfo & mailsplit: check for EOF while parsing Johannes Schindelin
2017-05-02 16:01     ` [PATCH v3 10/25] cat-file: fix memory leak Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 11/25] checkout: " Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 12/25] split_commit_in_progress(): " Johannes Schindelin
2017-05-03 20:59       ` René Scharfe
2017-05-04 10:59         ` Johannes Schindelin
2017-05-06 17:13           ` René Scharfe
2017-05-09 13:39             ` Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 13/25] setup_bare_git_dir(): help static analysis Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 14/25] setup_discovered_git_dir(): plug memory leak Johannes Schindelin
2017-05-02 17:20       ` Stefan Beller
2017-05-02 18:15         ` Jeff King
2017-05-03  9:35           ` Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 15/25] pack-redundant: " Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 16/25] mktree: plug memory leaks reported by Coverity Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 17/25] fast-export: avoid leaking memory in handle_tag() Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 18/25] receive-pack: plug memory leak in update() Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 19/25] line-log: avoid memory leak Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 20/25] shallow: " Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 21/25] add_reflog_for_walk: " Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 22/25] remote: plug memory leak in match_explicit() Johannes Schindelin
2017-05-02 16:02     ` [PATCH v3 23/25] name-rev: avoid leaking memory in the `deref` case Johannes Schindelin
2017-05-02 16:03     ` [PATCH v3 24/25] show_worktree(): plug memory leak Johannes Schindelin
2017-05-02 16:03     ` [PATCH v3 25/25] submodule_uses_worktrees(): " Johannes Schindelin
2017-05-04 13:54     ` [PATCH v4 00/25] Address a couple of issues identified by Coverity Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 01/25] mingw: avoid memory leak when splitting PATH Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 02/25] winansi: avoid use of uninitialized value Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 03/25] winansi: avoid buffer overrun Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 04/25] add_commit_patch_id(): avoid allocating memory unnecessarily Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 05/25] git_config_rename_section_in_file(): avoid resource leak Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 06/25] get_mail_commit_oid(): " Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 07/25] difftool: address a couple of resource/memory leaks Johannes Schindelin
2017-05-04 13:55       ` [PATCH v4 08/25] status: close file descriptor after reading git-rebase-todo Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 09/25] mailinfo & mailsplit: check for EOF while parsing Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 10/25] cat-file: fix memory leak Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 11/25] checkout: " Johannes Schindelin
2017-05-06 17:14         ` René Scharfe
2017-05-08  0:41           ` Junio C Hamano
2017-05-09 13:42             ` Johannes Schindelin
2017-05-09 22:51               ` Junio C Hamano
2017-05-04 13:56       ` [PATCH v4 12/25] split_commit_in_progress(): simplify & " Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 13/25] setup_bare_git_dir(): help static analysis Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 14/25] setup_discovered_git_dir(): plug memory leak Johannes Schindelin
2017-05-04 13:56       ` [PATCH v4 15/25] pack-redundant: " Johannes Schindelin
2017-05-04 13:57       ` [PATCH v4 16/25] mktree: plug memory leaks reported by Coverity Johannes Schindelin
2017-05-04 13:57       ` [PATCH v4 17/25] fast-export: avoid leaking memory in handle_tag() Johannes Schindelin
2017-05-04 13:57       ` [PATCH v4 18/25] receive-pack: plug memory leak in update() Johannes Schindelin
2017-05-04 13:58       ` [PATCH v4 19/25] line-log: avoid memory leak Johannes Schindelin
2017-05-04 13:58       ` [PATCH v4 20/25] shallow: " Johannes Schindelin
2017-05-04 13:58       ` [PATCH v4 21/25] add_reflog_for_walk: " Johannes Schindelin
2017-05-04 13:59       ` [PATCH v4 22/25] remote: plug memory leak in match_explicit() Johannes Schindelin
2017-05-04 13:59       ` [PATCH v4 23/25] name-rev: avoid leaking memory in the `deref` case Johannes Schindelin
2017-05-04 13:59       ` [PATCH v4 24/25] show_worktree(): plug memory leak Johannes Schindelin
2017-05-04 13:59       ` [PATCH v4 25/25] submodule_uses_worktrees(): " Johannes Schindelin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.20.1704281346480.3480@virtualbox \
    --to=johannes.schindelin@gmx.de \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=j6t@kdbg.org \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox