Andy Whitcroft <apw@xxxxxxxxxxxx> writes: > When using git name-rev on my kernel tree I triggered a malloc() > corruption warning from glibc. > > apw@pinky$ git log --pretty=one $N/base.. | git name-rev --stdin > *** glibc detected *** malloc(): memory corruption: 0x0bff8950 *** > Aborted > > This comes from name_rev() which is building the name of the revision > in a malloc'd string, which it sprintf's into: > > char *new_name = xmalloc(len + 8); > [...] > sprintf(new_name, "%.*s~%d^%d", len, tip_name, > generation, parent_number); > > This allocation is only sufficient if the generation number is > less than 5 digits, in my case generation was 13432. In reality > parent_number can be up to 16 so that also can require two digits, > reducing us to 3 digits before we are at risk of blowing this > allocation. > > This patch introduces a decimal_length() which approximates the > number of digits a type may hold, it produces the following: > ... Does this attempt to cramp down to what's only necessary really matter in practice in the light of malloc overhead? It does futureproof against an insanely long "long long" on future architectures, but I am not sure if we care either. Why not just raise 8 to 25 or something and be done with it? > diff --git a/git-compat-util.h b/git-compat-util.h > index c08688c..25b8274 100644 > --- a/git-compat-util.h > +++ b/git-compat-util.h > @@ -19,6 +19,9 @@ > #define TYPEOF(x) > #endif > > +/* Approximation of the length of the decimal representation of this type. */ > +#define decimal_length(x) ((int)(sizeof(x) * 2.56 + 0.5) + 1) > + > #define MSB(x, bits) ((x) & TYPEOF(x)(~0ULL << (sizeof(x) * 8 - (bits)))) > > #if !defined(__APPLE__) && !defined(__FreeBSD__) Having said that, clever and clean math and use of compiler's ability always attracts me, so maybe I would end up applying this as is. - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
