On Mon, Aug 28, 2023 at 02:50:34PM +0200, Drew DeVault wrote:
> Rather than replacing the configured subject prefix (either through the
> git config or command line) entirely with "RFC PATCH", this change
> prepends RFC to whatever subject prefix was already in use.
>
> This is useful, for example, when a user is working on a repository that
> has a subject prefix considered to disambiguate patches:
>
> git config format.subjectPrefix 'PATCH my-project'
>
> Prior to this change, formatting patches with --rfc would lose the
> 'my-project' information.
This sounds like a good change to me. It would be backwards-incompatible
for anybody expecting:
git format-patch --subject=foo --rfc
to override the --subject line, but that seems rather unlikely.
> Implementation note: this introduces a small memory leak, but freeing it
> requires a non-trivial amount of refactoring and some dubious choices
> that I was not sure of for a small patch; and it seems like memory leaks
> in this context are tolerated anyway from a perusal of the existing
> code.
We do have a lot of small leaks like this, but we've been trying to
clean them up slowly. There's some infrastructure in the test suite for
marking scripts as leak-free, but t4014 is not yet there, so this
won't cause CI to complain at this point.
It is tempting while we are here and thinking about it to put in an easy
hack, like storing the allocated string in a static variable.
> static int rfc_callback(const struct option *opt, const char *arg, int unset)
> {
> + int n;
> + char *prefix;
> + const char *prev;
> +
> BUG_ON_OPT_NEG(unset);
> BUG_ON_OPT_ARG(arg);
> - return subject_prefix_callback(opt, "RFC PATCH", unset);
> +
> + prev = ((struct rev_info *)opt->value)->subject_prefix;
> + assert(prev != NULL);
> + n = snprintf(NULL, 0, "RFC %s", prev);
> + assert(n > 0);
> + prefix = xmalloc(n + 1);
> + n = snprintf(prefix, n + 1, "RFC %s", prev);
> + assert(n > 0);
> +
> + return subject_prefix_callback(opt, prefix, unset);
> }
We try to avoid manually computing string sizes like this, since it's
error-prone and can be subject to integer overflow attacks (not in this
case, but every instance makes auditing harder). You can use xstrfmt()
instead.
Coupled with the leak-hack from above, maybe just:
diff --git a/builtin/log.c b/builtin/log.c
index db3a88bfe9..579c3a2419 100644
--- a/builtin/log.c
+++ b/builtin/log.c
@@ -1476,9 +1476,19 @@ static int subject_prefix_callback(const struct option *opt, const char *arg,
static int rfc_callback(const struct option *opt, const char *arg, int unset)
{
+ /*
+ * "avoid" leak by holding on to a reference to the memory, since we
+ * need the string for the lifetime of the process anyway
+ */
+ static char *prefix;
+
BUG_ON_OPT_NEG(unset);
BUG_ON_OPT_ARG(arg);
- return subject_prefix_callback(opt, "RFC PATCH", unset);
+
+ free(prefix);
+ prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix);
+
+ return subject_prefix_callback(opt, prefix, unset);
}
static int numbered_cmdline_opt = 0;
The rest of the patch (docs and tests) looked good to me.
