On Thu, Oct 6, 2011 at 6:14 PM, Brandon Casey <drafnel@xxxxxxxxx> wrote:
> [removed Alexey Shumkin from cc]
>
> On Thu, Oct 6, 2011 at 1:17 AM, Johannes Sixt <j.sixt@xxxxxxxxxxxxx> wrote:
>> Am 10/6/2011 4:00, schrieb Brandon Casey:
>>> [resend without html bits added by "gmail offline"]
>>> On Wed, Oct 5, 2011 at 7:53 PM, Brandon Casey <drafnel@xxxxxxxxx> wrote:
>>>> On Thursday, September 15, 2011, Brandon Casey wrote:
>>>>>
>>>>> On Thu, Sep 15, 2011 at 1:52 AM, Johannes Sixt <j.sixt@xxxxxxxxxxxxx>
>>>>>> There is a danger that the high-level die() routine (which is used by
>>>>>> the
>>>>>> x-wrappers) uses one of the low-level compat/ routines. IOW, in the case
>>>>>> of errors, recursion might occur. Therefore, I would prefer that the
>>>>>> compat/ routines do their own error reporting (preferably via return
>>>>>> values and errno).
>>>>>
>>>>> Thanks. Will do.
>>>>
>>>> Hi Johannes,
>>>> I have taken a closer look at the possibility of recursion with respect to
>>>> die() and the functions in compat/. It appears the risk is only related to
>>>> vsnprintf/snprintf at the moment. So as long as we avoid calling xmalloc et
>>>> al from within snprintf.c, I think we should be safe from recursion.
>>>> I'm inclined to keep the additions to mingw.c and win32/syslog.c since they
>>>> both already use the x-wrappers or strbuf, even though they could easily be
>>>> worked around. The other file that was touched is compat/qsort, which
>>>> returns void and doesn't have a good alternative error handling path. So,
>>>> I'm inclined to keep that one too.
>>
>> I'm fine with keeping the change to mingw.c (getaddrinfo related) and
>> qsort: both are unlikely to be called from die().
>>
>> But syslog() *is* called from die() in git-daemon, and it would be better
>> to back out the other offenders instead of adding to them.
>
> Ah. Yes, you're right. x-wrappers should not be used in syslog.c and
> the use of strbuf's should be replaced.
Good point. The patch for this looks something like this:
diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c
index 42b95a9..243538c 100644
--- a/compat/win32/syslog.c
+++ b/compat/win32/syslog.c
@@ -1,5 +1,4 @@
#include "../../git-compat-util.h"
-#include "../../strbuf.h"
static HANDLE ms_eventlog;
@@ -16,13 +15,8 @@ void openlog(const char *ident, int logopt, int facility)
void syslog(int priority, const char *fmt, ...)
{
- struct strbuf sb = STRBUF_INIT;
- struct strbuf_expand_dict_entry dict[] = {
- {"1", "% 1"},
- {NULL, NULL}
- };
WORD logtype;
- char *str;
+ char *str, *pos;
int str_len;
va_list ap;
@@ -39,11 +33,20 @@ void syslog(int priority, const char *fmt, ...)
}
str = malloc(str_len + 1);
+ if (!str)
+ return; /* no chance to report error */
+
va_start(ap, fmt);
vsnprintf(str, str_len + 1, fmt, ap);
va_end(ap);
- strbuf_expand(&sb, str, strbuf_expand_dict_cb, &dict);
- free(str);
+
+ while ((pos = strstr(str, "%1")) != NULL) {
+ str = realloc(str, ++str_len + 1);
+ if (!str)
+ return;
+ memmove(pos + 2, pos + 1, strlen(pos));
+ pos[1] = ' ';
+ }
switch (priority) {
case LOG_EMERG:
@@ -66,7 +69,5 @@ void syslog(int priority, const char *fmt, ...)
}
ReportEventA(ms_eventlog, logtype, 0, 0, NULL, 1, 0,
- (const char **)&sb.buf, NULL);
-
- strbuf_release(&sb);
+ (const char **)&str, NULL);
}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html