Am 26.04.2011 17:32, schrieb Nguyen Thai Ngoc Duy:
2011/4/26 Junio C Hamano<gitster@xxxxxxxxx>:
Nguyán ThÃi Ngác Duy<pclouds@xxxxxxxxx> writes:
strbuf_grow(sb, 0) may allocate less than requested len and violate the
next assertion.
Signed-off-by: Nguyán ThÃi Ngác Duy<pclouds@xxxxxxxxx>
---
strbuf.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/strbuf.h b/strbuf.h
index 07060ce..ab213da 100644
--- a/strbuf.h
+++ b/strbuf.h
@@ -34,7 +34,7 @@ extern void strbuf_grow(struct strbuf *, size_t);
static inline void strbuf_setlen(struct strbuf *sb, size_t len) {
if (!sb->alloc)
- strbuf_grow(sb, 0);
+ strbuf_grow(sb, len);
assert(len< sb->alloc);
This looks so obviously correct that it is scary.
How could 60 callsites of this function manage to have run without crashes
so far? They all happen to use the function on a buffer that already has
something on it?
I guess no current call site does _setlen right after initialization.
It's new code that triggers it.
Documentation/technical/api-strbuf.txt says that you can't use
strbuf_setlen() to allocate more space for a strbuf, i.e. you can use it
only to shorten a string or set it to its current length. If the strbuf
in question hasn't allocated any buffer at all (sb->alloc == 0) then the
only valid len is zero.
Where is it used to extend strbufs, i.e. which is the new code you
mentioned?
RenÃ
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html