From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [PATCH] pkt-line: don't check string length in packet_length()
Date: Tue, 04 Jul 2023 22:56:32 -0700 [thread overview]
Message-ID: <xmqqttui3nqn.fsf@gitster.g> (raw)
In-Reply-To: <89d58db7-6a01-b3fa-54f0-19d5a3819eb3@web.de> ("René Scharfe"'s message of "Sat, 1 Jul 2023 09:05:15 +0200")
René Scharfe <l.s.r@web.de> writes:
> hex2chr() takes care not to run over the end of a short string.
> 101736a14c (pkt-line: extern packet_length(), 2020-05-19) turned the
> input parameter of packet_length() from a string pointer into an array
> of known length, making string length checks unnecessary. Get rid of
> them by using hexval() directly.
I am puzzled about the part of the above description on "making
string length checks unnecessary". The two callers we currently
have both do pass char[4], but the compiler would not stop us from
passing a pointer to a memory region of an unknown size; if we
butcher one of the current callers
diff --git c/pkt-line.c w/pkt-line.c
index 6e022029ca..e1c49baefd 100644
--- c/pkt-line.c
+++ w/pkt-line.c
@@ -421,7 +421,7 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
return PACKET_READ_EOF;
}
- len = packet_length(linelen);
+ len = packet_length(buffer);
if (len < 0) {
if (options & PACKET_READ_GENTLE_ON_READ_ERROR)
where "buffer" is just a random piece of memory passed to the caller
and there is no such guarantee like "it at least is 4 bytes long",
we would just slurp garbage and run past the end of the buffer.
> The resulting branchless code is simpler and it becomes easier to see
> that the function mirrors set_packet_header().
I do like the resulting code, but I feel a bit uneasy to sell this
change as "the code becomes more streamlined without losing safety".
It looks more like "this change is safe for our two callers; those
adding more callers in the future are better be very careful", no?
next prev parent reply other threads:[~2023-07-05 5:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-01 7:05 [PATCH] pkt-line: don't check string length in packet_length() René Scharfe
2023-07-05 5:56 ` Junio C Hamano [this message]
2023-07-05 16:15 ` René Scharfe
2023-07-05 20:33 ` Junio C Hamano
2023-07-05 21:11 ` René Scharfe
2023-07-05 22:27 ` Junio C Hamano
2023-07-06 5:07 ` René Scharfe
2023-07-07 21:47 ` [PATCH v2] pkt-line: add size parameter to packet_length() René Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqttui3nqn.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).