Alex Riesen wrote:
> 2009/6/15 Jim Meyering <jim@xxxxxxxxxxxx>:
>> Alex Riesen wrote:
>>> 2009/6/14 Jim Meyering <jim@xxxxxxxxxxxx>:
>>>> @@ -231,7 +231,7 @@ static int read_merge_config(const char *var, const char *value, void *cb)
>>>>
>>>> if (!strcmp(var, "merge.default")) {
>>>> if (value)
>>>> - default_ll_merge = strdup(value);
>>>> + default_ll_merge = xstrdup(value);
>>>
>>> read_merge_config has a failure mode (where it returns -1), why not use it?
>>
>> I didn't even consider it, because it would be inconsistent with
>> the other heap-allocation functions used there (xcalloc, xmemdupz).
>>
>> However, now that I do, it looks like that would mean adding four times
>> the same code (including conditionals and code to generate a diagnostic via
>> a call to error -- or a goto). Why bother, when all of that is already
>> encapsulated in xmalloc?
>
> So that a useful error message can be given in the _caller_ (it knows
> more about context)?
So you want to tell the user that we failed
to strdup the "merge.default" value?
Or the "driver" value?
Given the apparently-high cost/benefit ratio, I would not bother. I.e.,
this failure is so unlikely to trigger, and when it does, knowing for which
config value strdup failed is even less likely to be useful,
that minimal diagnostics should be fine.
Of more general interest, when xstrdup fails, it might be useful to
include in the diagnostic how long the would-be-dup'd string was. I.e.,
rather than saying
die("Out of memory, strdup failed");
say
die("Out of memory, failed to strdup a %lu-byte string",
(unsigned long int) strlen(str));
Then, you have at least a clue as to whether the failure
is due to some ridiculously-long string value, or to some
unrelated-to-config, systemic problem.
> Otherwise the error message ("Out of memory, strdup failed") does not
> have anything about the place nor situation in it. As the situations
> when a modern system really runs out of memory are very rare,
> mostly such reports just point at some inconsistency elsewhere
Exactly. This is why I think it's not worthwhile to invest in
a more precise diagnostic, here.
> (like bloody stupid memory management in system support libraries
> on an OS-not-to-be-named-again or the usual corruption of heap
> control structures).
>
> Besides, xstrdup does more then just allocation: it tries to free global
> list of cached pack chunks. This does not play very well with the efforts
> to make a library out of the modern Git code.
Ahh... librarification. This is a slightly different topic.
I see existing uses of xcalloc and xmemdupz, not to
mention "error" calls, and conclude that this function is
not library caliber code, so there's no need to invest.
If you want a version of this function that is more library-friendly,
then that will be more work. However, I think librarification should
be addressed separately from this simple patch to avoid a potential NULL
dereference (and *no* diagnostic).
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html