On Thu, Oct 6, 2011 at 11:50 AM, Erik Faye-Lund <kusmabite@xxxxxxxxx> wrote:
> On Thu, Oct 6, 2011 at 6:14 PM, Brandon Casey <drafnel@xxxxxxxxx> wrote:
>> [removed Alexey Shumkin from cc]
>>
>> On Thu, Oct 6, 2011 at 1:17 AM, Johannes Sixt <j.sixt@xxxxxxxxxxxxx> wrote:
>>> On 10/6/2011 4:00, Brandon Casey wrote:
>>>> [resend without html bits added by "gmail offline"]
>>>> On Wed, Oct 5, 2011 at 7:53 PM, Brandon Casey <drafnel@xxxxxxxxx> wrote:
>>>>> On Thursday, September 15, 2011, Brandon Casey wrote:
>>>>>>
>>>>>> On Thu, Sep 15, 2011 at 1:52 AM, Johannes Sixt <j.sixt@xxxxxxxxxxxxx>
>>>>>>> There is a danger that the high-level die() routine (which is used by the
>>>>>>> x-wrappers) uses one of the low-level compat/ routines. IOW, in the case
>>>>>>> of errors, recursion might occur. Therefore, I would prefer that the
>>>>>>> compat/ routines do their own error reporting (preferably via return
>>>>>>> values and errno).
>>>>>>
>>>>>> Thanks. Will do.
>>>>>
>>>>> Hi Johannes,
>>>>> I have taken a closer look at the possibility of recursion with respect to
>>>>> die() and the functions in compat/. It appears the risk is only related to
>>>>> vsnprintf/snprintf at the moment. So as long as we avoid calling xmalloc et
>>>>> al from within snprintf.c, I think we should be safe from recursion.
>>>>> I'm inclined to keep the additions to mingw.c and win32/syslog.c since they
>>>>> both already use the x-wrappers or strbuf, even though they could easily be
>>>>> worked around. The other file that was touched is compat/qsort, which
>>>>> returns void and doesn't have a good alternative error handling path. So,
>>>>> I'm inclined to keep that one too.
>>>
>>> I'm fine with keeping the change to mingw.c (getaddrinfo related) and
>>> qsort: both are unlikely to be called from die().
>>>
>>> But syslog() *is* called from die() in git-daemon, and it would be better
>>> to back out the other offenders instead of adding to them.
>>
>> Ah. Yes, you're right.
>> x-wrappers should not be used in syslog.c and
>> the use of strbuf's should be replaced.
>
> Good point. The patch for this looks something like this:
>
> diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c > index 42b95a9..243538c 100644 > --- a/compat/win32/syslog.c > +++ b/compat/win32/syslog.c > @@ -1,5 +1,4 @@ > #include "../../git-compat-util.h" > -#include "../../strbuf.h" > > static HANDLE ms_eventlog; > > @@ -16,13 +15,8 @@ void openlog(const char *ident, int logopt, int facility) > > void syslog(int priority, const char *fmt, ...) > { > - struct strbuf sb = STRBUF_INIT; > - struct strbuf_expand_dict_entry dict[] = { > - {"1", "% 1"}, > - {NULL, NULL} > - }; > WORD logtype; > - char *str; > + char *str, *pos; > int str_len; > va_list ap; > > @@ -39,11 +33,20 @@ void syslog(int priority, const char *fmt, ...) > } > > str = malloc(str_len + 1); > + if (!str) > + return; /* no chance to report error */ > + > va_start(ap, fmt); > vsnprintf(str, str_len + 1, fmt, ap); > va_end(ap); > - strbuf_expand(&sb, str, strbuf_expand_dict_cb, &dict); > - free(str); > + > + while ((pos = strstr(str, "%1")) != NULL) { > + str = realloc(str, ++str_len + 1); > + if (!str) > + return; > + memmove(pos + 2, pos + 1, strlen(pos)); > + pos[1] = ' '; > + }

Is there any reason not to just use a different character than '%' when
replacing '%n'? Like '@'? Then the replacement could be done in-place.

e.g. convert this:

   fe80::3%1

into this:

   fe80::3@1

I'm not usually on a Windows platform, so maybe adding the space is the
common thing to do when trying to write an IPv6 address to the event log
using ReportEvent(). If not, then I think people would probably figure
out easily enough that '@n' referred to interface 'n'.

-Brandon
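
Review bot: in the new while loop of the last hunk of the quoted compat/win32/syslog.c patch, `pos` is obtained from strstr() on the old buffer and then dereferenced after `str = realloc(str, ++str_len + 1);`. If realloc moves the allocation, the following memmove() and `pos[1] = ' ';` write through a stale pointer into freed memory. Record the offset (`pos - str`) before the realloc and recompute `pos` from the new `str` afterwards. Assigning the realloc result directly to `str` also discards the only pointer to the original block when realloc fails, so the `return` on that path leaks it; keep the old pointer in a temporary and free it before returning.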