Re: [PATCH] Fix mkpath abuse in dwim_ref/sha1_name.c

"Alex Riesen" <raa.lkml@xxxxxxxxx> writes:

> From: Alex Riesen <raa.lkml@xxxxxxxxx>
> Date: Tue, 14 Oct 2008 18:14:20 +0200
> Subject: [PATCH] Fix mkpath abuse in sha1_name.c
>
> Otherwise the function sometimes fails to resolve obviously correct refnames,
> because the string data pointed to by "ref" argument were reused.
>
> Signed-off-by: Alex Riesen <raa.lkml@xxxxxxxxx>

The get_pathname() interface has been handy but it indeed is a bug waiting
to happen, and we have fixed occasional breakages by fixing the earlier
callers to stash the returned value away to keep it from getting
overwritten.  I.e. when we have:

	str1 = function_that_uses_get_pathname();
	...
	str2 = another_function_that_uses_get_pathname();
	some_processing(str1, str2);

and we have too many other calls to functions that use get_pathname() in
the ... section, str1 will become invalid when we try to feed it to
some_processing().  So far our strategy to fix this kind of breakage has
been to rewrite the above to:

	str1 = xstrdup(function_that_uses_get_pathname());
	...
	str2 = another_function_that_uses_get_pathname();
	some_processing(str1, str2);
	free(str1);

But your patch instead rewrites the computation of str2 by bypassing the
call to "another_function_that_uses_get_pathname()" and duplicating its
logic, which I do not think is a viable approach in the longer term.

> diff --git a/sha1_name.c b/sha1_name.c
> index 41b6809..b5b53bf 100644
> --- a/sha1_name.c
> +++ b/sha1_name.c
> @@ -242,6 +242,7 @@ int dwim_ref(const char *str, int len, unsigned char *sha1, char **ref)
>  {
>  	const char **p, *r;
>  	int refs_found = 0;
> +	char fullref[PATH_MAX];
>  
>  	*ref = NULL;
>  	for (p = ref_rev_parse_rules; *p; p++) {
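
Review bot: the added `char fullref[PATH_MAX];` declaration carries no comment saying why dwim_ref() now formats the name into its own buffer. It is only used inside the for loop, so a one-line comment there, noting that the name must stay valid while resolve_ref() runs, would keep a later cleanup from switching the call back to mkpath().
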
> @@ -249,7 +250,8 @@ int dwim_ref(const char *str, int len, unsigned char *sha1, char **ref)
>  		unsigned char *this_result;
>  
>  		this_result = refs_found ? sha1_from_ref : sha1;
> -		r = resolve_ref(mkpath(*p, len, str), this_result, 1, NULL);
> +		snprintf(fullref, sizeof(fullref), *p, len, str);
> +		r = resolve_ref(fullref, this_result, 1, NULL);
>  		if (r) {
>  			if (!refs_found++)
>  				*ref = xstrdup(r);
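
Review bot: the return value of the added `snprintf(fullref, sizeof(fullref), *p, len, str);` is ignored, so a formatted name that does not fit in fullref is silently truncated and resolve_ref() is then asked about a different, shorter name. Check the result and skip the rule (or fail) when it is negative or `>= sizeof(fullref)`. The line also repeats the formatting that mkpath() performed for this caller, so the two copies can drift apart.
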

I suspect that I am grossly misreading the code, but I wonder why this xstrdup()
is not protecting us from the reusing of "the string data pointed to by
"ref" argument".  Are you fixing the overwriting of the string pointed to
by "str" argument instead?

What specific call chain has this breakage you found?
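
The overwrite described in the message above, as an added example that is not part of the original mail or of git's code: a rotating pool of static buffers, and a check of whether the first returned string survives later calls with and without copying it first. The names demo_get_pathname, demo_mkpath and str1_intact, the pool size of 4 and the slot size are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL_SLOTS 4	/* assumed pool size for this demo */
#define SLOT_SIZE 256	/* assumed buffer size for this demo */

/* Hypothetical get_pathname()-style helper: static buffers handed out
 * round-robin, so a returned pointer is reused POOL_SLOTS calls later. */
static char *demo_get_pathname(void)
{
	static char pool[POOL_SLOTS][SLOT_SIZE];
	static unsigned int next;
	return pool[next++ % POOL_SLOTS];
}

/* Hypothetical mkpath()-like formatter on top of the rotating pool. */
static const char *demo_mkpath(const char *fmt, ...)
{
	char *buf = demo_get_pathname();
	va_list ap;
	va_start(ap, fmt);
	vsnprintf(buf, SLOT_SIZE, fmt, ap);
	va_end(ap);
	return buf;
}

/* 1 if str1 survives `calls` more pool uses; `stash` copies it first. */
int str1_intact(int calls, int stash)
{
	const char *tmp = demo_mkpath("refs/heads/%s", "master");
	char *copy = NULL;
	int i, ok;
	if (stash && (copy = malloc(strlen(tmp) + 1)))
		strcpy(copy, tmp);	/* the xstrdup()-style fix */
	for (i = 0; i < calls; i++)
		demo_mkpath("refs/tags/%s-%d", "v1.0", i);
	ok = !strcmp(copy ? copy : tmp, "refs/heads/master");
	free(copy);
	return ok;
}

int main(void)
{
	printf("3 calls: %d, 4 calls: %d, 4 calls + copy: %d\n",
	       str1_intact(3, 0), str1_intact(4, 0), str1_intact(4, 1));
	return 0;
}
```

The uncopied pointer stays valid for up to three intervening calls and changes on the fourth, which is why this kind of bug only shows up "sometimes".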