Sorry for not getting around to this again all week.  I'll try to
reroll later today...

Jeff King wrote:
> 1. How did you determine the set of callsites? Did you check that each
>    non-syscall function always sets errno? Are there functions
>    which are setting errno which could also be included?

Basically by 'git grep die | grep -v errno' and then looking at the
code immediately before the die().  Rather tedious, but I couldn't see
an obvious way to automate the task.

As for the non-syscall functions, at first I had a longer list but
eventually settled on the ones mentioned; I decided it was too risky
and just stuck with those that are very clear:

> On Tue, Jun 02, 2009 at 11:34:33PM +0200, Thomas Rast wrote:
> >   odb_pack_keep

Tries open() in two ways, but can only return <0 by passing the return
value of the second.

> >   read_ancestry

Only returns -1 if fopen() returned NULL.

> >   read_in_full

Only returns <=0 if xread() returned <=0, which in turn only happens if
read() returned <0.

> >   strbuf_read

Returns -1 if xread() did so.

> >   strbuf_read_file

Returns -1 if open() or strbuf_read() failed.

> >   strbuf_readlink

Returns -1 if readlink() failed.  (The other option, that the buffer
was still too small at STRBUF_MAXLINK, would imply that readlink()
wanted to return more than PATH_MAX chars.)

> >   write_buffer

I'll drop this one, I missed that it actually does its own errno
reporting already.  (Other than that it's just a thin wrapper around
write_in_full.)

> >   write_in_full

Symmetric to read_in_full: only returns <=0 if xwrite() did, which in
turn only happens if write() returned <0.

There were lots of cases that aren't quite as clear-cut.  For example,
there are many call sites where the index is written out that look
like

  if (write_cache(fd, active_cache, active_nr) ||
      close_lock_file(&index_lock))
          die("unable to write new_index file");

Dealing with those will be somewhat more complicated, as the error case
is not all that clearly defined.  But at least at a quick glance,
write_cache does not even indicate what file it failed to write.

> 2. Extra error conditions may leak information about the filesystem to
>    people feeding bogus paths to upload-pack. I didn't see anything
>    obvious in your patch that would cause this, but it is something to
>    consider.

Good point.

> > -	die("closing file %s: %s", path, strerror(errno));
> > +	die("closing file '%s': %s", path, strerror(errno));
>
> This one is actually just a style change, though I think it is
> worthwhile (and there are a few others like it).

Yes, as I was already going through the calls I thought some
consistency would be nice.

-- 
Thomas Rast
trast@{inf,student}.ethz.ch
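As an added example (not code from this thread or from git itself), the pattern the list of functions above relies on: a read wrapper that returns -1 only when the underlying read(2) failed, so a die() call site can trust errno, plus a call site that copies errno before formatting the strerror() message. The helper names and the path are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Like git's xread() (added illustration, not git's code): < 0 only if read(2) itself failed. */
static ssize_t xread_demo(int fd, void *buf, size_t len)
{
	ssize_t nr;
	do nr = read(fd, buf, len); while (nr < 0 && (errno == EINTR || errno == EAGAIN));
	return nr;
}

/* Reads until len bytes arrived or EOF (returns the count so far, even 0);
 * -1 only when xread_demo() failed, with errno still as read(2) set it. */
static ssize_t read_in_full_demo(int fd, void *buf, size_t len)
{
	char *p = buf; ssize_t total = 0;
	while (len > 0) {
		ssize_t n = xread_demo(fd, p, len);
		if (n < 0) return -1;
		if (n == 0) break;
		p += n; len -= n; total += n;
	}
	return total;
}

/* Constructed input: 7 bytes arrive on a pipe in two writes, then EOF. */
ssize_t demo_pipe_read(void)
{
	int fds[2]; char buf[16];
	if (pipe(fds) < 0 || write(fds[1], "git ", 4) != 4 || write(fds[1], "dir", 3) != 3)
		return -1;
	close(fds[1]);
	ssize_t n = read_in_full_demo(fds[0], buf, sizeof(buf));
	close(fds[0]);
	return n; /* 7: fewer than requested, but not a failure */
}

/* Failure path on an invalid descriptor: copy errno right after the failing call,
 * since later library calls may overwrite it; message in the thread's die() style. */
char last_msg[128];
int demo_bad_fd(void)
{
	char buf[8];
	if (read_in_full_demo(-1, buf, sizeof(buf)) >= 0) return 0;
	int saved = errno;
	snprintf(last_msg, sizeof(last_msg), "reading '%s': %s", "hypothetical/path", strerror(saved));
	return saved; /* EBADF */
}
```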