From: Junio C Hamano <gitster@pobox.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: Jeff King <peff@peff.net>,
git@vger.kernel.org, Ben Stav <benstav@miggo.io>
Subject: Re: [PATCH] attr: avoid recursion when expanding attribute macros
Date: Wed, 12 Nov 2025 09:40:31 -0800 [thread overview]
Message-ID: <xmqqjyzvqhdc.fsf@gitster.g> (raw)
In-Reply-To: <aRQvyvMq61syGT7_@pks.im> (Patrick Steinhardt's message of "Wed, 12 Nov 2025 07:57:14 +0100")
Patrick Steinhardt <ps@pks.im> writes:
> That's fair, and as you demonstrate it's easy enough to turn recursion
> into iteration. But it doesn't really solve the main problem: given
> malicious input we'd now still crash eventually, even though we
> ...
> So the evil garbage would continue to be a nuisance for users who want
> to clone such a repository, but now it's going to be more of a nuisance
> for hosting sites given that it could lead to out-of-memory situations.
That assumes there are users who want to clone such a repository
with evil garbage in it, doesn't it? I am not sure how likely there
exist such people, and even less sure if we want to actively support
such users or discourage them.
I like the conversion from recursion to iteraiton as a general
principle, but somehow I do not think this particular one is an
issue that warrants more than minimum effort on it.
I also wonder how common the use of attribute macros (other than the
built-in ones) are. Are folks working at hosting sites have easy
access to public data (i.e., super "git grep" that lets them sample
some random subset among many public repositories and work on them)?
Thanks.
prev parent reply other threads:[~2025-11-12 17:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-11 22:36 [PATCH] attr: avoid recursion when expanding attribute macros Jeff King
2025-11-12 1:30 ` Ben Knoble
2025-11-12 7:09 ` Jeff King
2025-11-12 7:17 ` Jeff King
2025-11-12 6:57 ` Patrick Steinhardt
2025-11-12 7:16 ` Jeff King
2025-11-12 10:21 ` Patrick Steinhardt
2025-11-12 17:40 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqjyzvqhdc.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=benstav@miggo.io \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).