From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 13D5CC433F5 for ; Fri, 24 Dec 2021 04:16:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245610AbhLXEQg (ORCPT ); Thu, 23 Dec 2021 23:16:36 -0500 Received: from pb-smtp21.pobox.com ([173.228.157.53]:57723 "EHLO pb-smtp21.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245597AbhLXEQg (ORCPT ); Thu, 23 Dec 2021 23:16:36 -0500 Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 7087F16D7AF; Thu, 23 Dec 2021 23:16:35 -0500 (EST) (envelope-from junio@pobox.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:message-id:mime-version:content-type; s=sasl; bh=agJbAXpByv6kWSxvlpbbURVh9Ok35XLcsawT7zB9TGQ=; b=hMBK wwyFgO70mtKFBkjx3GA5vmmeBsuv2GhNygoi9Mk8f8eXviptgFnC3UDaBTmThGNe OdJtBzTJVofQikrSUzLpM0x/cS38RT9EGfDkHpmgcrDL42tmgNifZuBl6r3R4Nqi WiUFTsK1HOxxXsX5wqbUOrO9QPYuOU15OHLxVQ4= Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 68D3116D7AE; Thu, 23 Dec 2021 23:16:35 -0500 (EST) (envelope-from junio@pobox.com) Received: from pobox.com (unknown [104.133.2.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 68B9516D7AA; Thu, 23 Dec 2021 23:16:31 -0500 (EST) (envelope-from junio@pobox.com) From: Junio C Hamano To: Han-Wen Nienhuys Cc: Han-Wen Nienhuys via GitGitGadget , git@vger.kernel.org, Jeff King , =?utf-8?B?w4Z2YXIgQXJu?= =?utf-8?B?ZmrDtnLDsA==?= Bjarmason , Han-Wen Nienhuys Subject: Re: [PATCH v5 16/16] reftable: be more paranoid about 0-length memcpy calls References: Date: Thu, 23 Dec 2021 20:16:29 -0800 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: 45F52492-6470-11EC-950C-CBA7845BAAA9-77302942!pb-smtp21.pobox.com Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Han-Wen Nienhuys writes: > On Wed, Dec 22, 2021 at 11:50 PM Junio C Hamano wrote: > >> > - memcpy(r->hash_prefix, key.buf, key.len); >> > + if (key.len) >> > + memcpy(r->hash_prefix, key.buf, key.len); >> > r->hash_prefix_len = key.len; >> > >> > if (val_type == 0) { >> >> I am not sure why any of these are needed. > > I'm not sure they are needed, but IMO it's not worth spending brain > cycles on deciding either way. Checking the length is always a safe > alternative. > > I would support having a safe_memcpy() that does this check centrally > (note how our array_copy() array function also does this check, even > if it's not always needed.) But your safe_memcpy() should not be safe_memcpy(dst, src, n) { if (n) memcpy(dst, src, n); return dst; } Using memcpy() with size==0 is not a crime wrt the language. Passing an invalid pointer while doing so is. It should rather be safe_memcpy(dst, src, n) { if (dst) memcpy(dst, src, n); else if (n) BUG(...); return dst; } to support a common pattern of that lazily allocates the ptr only when len goes more than zero from triggering an error from picky runtime, compiler and tools. We want to allow "dst==NULL && n==0", while still catching "dst==NULL && n!=0" as an error. And these places, I do not think use of safe_memcpy() is relevant.