Re: [PATCH 12/15] use get_commit_buffer everywhere

2014-06-10 Thread Jeff King
On Tue, Jun 10, 2014 at 09:06:35AM -0700, Junio C Hamano wrote:

> > So any call to strbuf_detach on the result would be disastrous.
> 
> You are right.  Where did this original crap come from X-<...

I do not know if that face means you actually looked at the history, but
in case you did not...

It was added by Duy's 13f8b72 (Convert commit_tree() to take strbuf as
message, 2011-12-15). However that was v2 of his patch. If you read the
original thread, you can see that v1 passed a separate pointer/length
pair, and was only changed after a reviewer-who-shall-not-be-named asked
him to change it. ;)

Of course there were many people participating in the review, and none
of us noticed it. I think it is simply a subtle bug.

> > I feel like the most elegant solution is for create_notes_commit to take
> > a buf/len pair rather than a strbuf, but it unfortunately is just
> > feeding that to commit_tree. Adjusting that code path would affect quite
> > a few other spots.
> >
> > The other obvious option is actually populating the strbuf, but it feels
> > ugly to have to make a copy just to satisfy the function interface.
> >
> > Maybe a cast and a warning comment are the least evil thing, as below? I
> > dunno, it feels pretty wrong.
> 
> Yeah, it does feel wrong wrong wrong.  Perhaps this big comment
> would serve as a marker for a low-hanging fruit for somebody else to
> fix it, e.g. by using strbuf-add to make a copy, which would be the
> easiest and safest workaround?

I really think commit_tree is the culprit here. It doesn't actually want
a strbuf at all, but takes one to make passing the pointer/len pair
simpler. Fixing it turned out to be not _too_ disruptive, and it showed
that there is another dubious use of strbuf_attach from a different
caller.

I'll post my re-rolled series with those fixes in a moment.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 12/15] use get_commit_buffer everywhere

2014-06-10 Thread Junio C Hamano
Jeff King  writes:

> I agree it's not right, though. I think the original is questionable,
> too. It takes a pointer into the middle of partial_commit->buffer and
> attaches it to a strbuf. That's wrong because:
>
>   1. It's pointing into the middle of an allocated buffer, not the
>      beginning.
>
>   2. We do not own partial_commit->buffer in the first place.
>
> So any call to strbuf_detach on the result would be disastrous.

You are right.  Where did this original crap come from X-<...

> ... and it
> doesn't cause a bug in practice because the only use of the strbuf is to
> pass it as a const to create_notes_commit.
>
> I feel like the most elegant solution is for create_notes_commit to take
> a buf/len pair rather than a strbuf, but it unfortunately is just
> feeding that to commit_tree. Adjusting that code path would affect quite
> a few other spots.
>
> The other obvious option is actually populating the strbuf, but it feels
> ugly to have to make a copy just to satisfy the function interface.
>
> Maybe a cast and a warning comment are the least evil thing, as below? I
> dunno, it feels pretty wrong.

Yeah, it does feel wrong wrong wrong.  Perhaps this big comment
would serve as a marker for a low-hanging fruit for somebody else to
fix it, e.g. by using strbuf-add to make a copy, which would be the
easiest and safest workaround?

> diff --git a/notes-merge.c b/notes-merge.c
> index 94a1a8a..1f3b309 100644
> --- a/notes-merge.c
> +++ b/notes-merge.c
> @@ -671,7 +671,7 @@ int notes_merge_commit(struct notes_merge_options *o,
>   DIR *dir;
>   struct dirent *e;
>   struct strbuf path = STRBUF_INIT;
> - char *msg = strstr(partial_commit->buffer, "\n\n");
> + const char *msg = strstr(partial_commit->buffer, "\n\n");
>   struct strbuf sb_msg = STRBUF_INIT;
>   int baselen;
>  
> @@ -719,7 +719,15 @@ int notes_merge_commit(struct notes_merge_options *o,
>   strbuf_setlen(&path, baselen);
>   }
>  
> - strbuf_attach(&sb_msg, msg, strlen(msg), strlen(msg) + 1);
> + /*
> +  * This is a bit tricky. We should not be attaching msg, which
> +  * is not owned by us and is not even the start of a heap buffer, to a
> +  * strbuf. But the create_notes_commit interface really wants
> +  * a strbuf, even though it will only ever use it as a buf/len pair and
> +  * never modify it. So this is tentatively safe as long as nobody ever
> +  * modifies, detaches, or releases the strbuf.
> +  */
> + strbuf_attach(&sb_msg, (char *)msg, strlen(msg), strlen(msg) + 1);
>   create_notes_commit(partial_tree, partial_commit->parents, &sb_msg,
>   result_sha1);
>   if (o->verbosity >= 4)
>
> I'm still confused and disturbed that my gcc is not noticing this
> obvious const violation. Hmm, shutting off ccache seems to make it work.
> Doubly disturbing.
>
> -Peff


Re: [PATCH 12/15] use get_commit_buffer everywhere

2014-06-09 Thread Jeff King
On Mon, Jun 09, 2014 at 08:02:24PM -0400, Jeff King wrote:

> I'm still confused and disturbed that my gcc is not noticing this
> obvious const violation. Hmm, shutting off ccache seems to make it work.
> Doubly disturbing.

Ah, mystery solved. It's a gcc bug:

  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60014

I get:

  $ gcc -c -Wall -Werror -DSHA1_HEADER='"block-sha1/sha1.h"' notes-merge.c
  notes-merge.c: In function ‘notes_merge_commit’:
  notes-merge.c:723:2: error: passing argument 2 of ‘strbuf_attach’ discards ‘const’ qualifier from pointer target type [-Werror]
  ...etc...

  $ gcc -E -Wall -Werror -DSHA1_HEADER='"block-sha1/sha1.h"' notes-merge.c >foo.c
  $ gcc -c -Wall -Werror -DSHA1_HEADER='"block-sha1/sha1.h"' foo.c
  [no warnings from either]

ccache uses the latter technique.

-Peff


Re: [PATCH 12/15] use get_commit_buffer everywhere

2014-06-09 Thread Jeff King
On Mon, Jun 09, 2014 at 03:40:57PM -0700, Junio C Hamano wrote:

> Jeff King  writes:
> 
> > diff --git a/notes-merge.c b/notes-merge.c
> > index 94a1a8a..7885ab2 100644
> > --- a/notes-merge.c
> > +++ b/notes-merge.c
> > @@ -671,7 +671,8 @@ int notes_merge_commit(struct notes_merge_options *o,
> > DIR *dir;
> > struct dirent *e;
> > struct strbuf path = STRBUF_INIT;
> > -   char *msg = strstr(partial_commit->buffer, "\n\n");
> > +   const char *buffer = get_commit_buffer(partial_commit);
> > +   const char *msg = strstr(buffer, "\n\n");
> 
> This tightening causes...
> 
> > struct strbuf sb_msg = STRBUF_INIT;
> > int baselen;
> >  
> > @@ -720,6 +721,7 @@ int notes_merge_commit(struct notes_merge_options *o,
> > }
> >  
> > strbuf_attach(&sb_msg, msg, strlen(msg), strlen(msg) + 1);
> 
> ...a new error here:
> 
> notes-merge.c:723:2: error: passing argument 2 of 'strbuf_attach'
> discards 'const' qualifier from pointer target type [-Werror]
> strbuf.h:19:13: note: expected 'void *' but argument is of type
> 'const char *'

That's weird. I compile with -Wall -Werror, and my gcc doesn't complain.
Hmph.

I agree it's not right, though. I think the original is questionable,
too. It takes a pointer into the middle of partial_commit->buffer and
attaches it to a strbuf. That's wrong because:

  1. It's pointing into the middle of an allocated buffer, not the
     beginning.

  2. We do not own partial_commit->buffer in the first place.

So any call to strbuf_detach on the result would be disastrous. The
compiler doesn't notice because of the const leak in strstr, and it
doesn't cause a bug in practice because the only use of the strbuf is to
pass it as a const to create_notes_commit.

I feel like the most elegant solution is for create_notes_commit to take
a buf/len pair rather than a strbuf, but it unfortunately is just
feeding that to commit_tree. Adjusting that code path would affect quite
a few other spots.

The other obvious option is actually populating the strbuf, but it feels
ugly to have to make a copy just to satisfy the function interface.

Maybe a cast and a warning comment are the least evil thing, as below? I
dunno, it feels pretty wrong.

diff --git a/notes-merge.c b/notes-merge.c
index 94a1a8a..1f3b309 100644
--- a/notes-merge.c
+++ b/notes-merge.c
@@ -671,7 +671,7 @@ int notes_merge_commit(struct notes_merge_options *o,
DIR *dir;
struct dirent *e;
struct strbuf path = STRBUF_INIT;
-   char *msg = strstr(partial_commit->buffer, "\n\n");
+   const char *msg = strstr(partial_commit->buffer, "\n\n");
struct strbuf sb_msg = STRBUF_INIT;
int baselen;
 
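
Review bot: The new const declaration of msg deserves a one-line comment saying the pointer is borrowed from partial_commit->buffer and must never be freed or handed to an API that takes ownership. strstr returns a plain char * even for a const haystack (the "const leak" mentioned above), so this qualifier is the only thing that makes the compiler check the later strbuf_attach call, and without a comment the next edit can drop it silently.
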
@@ -719,7 +719,15 @@ int notes_merge_commit(struct notes_merge_options *o,
strbuf_setlen(&path, baselen);
}
 
-   strbuf_attach(&sb_msg, msg, strlen(msg), strlen(msg) + 1);
+   /*
+* This is a bit tricky. We should not be attaching msg, which
+* is not owned by us and is not even the start of a heap buffer, to a
+* strbuf. But the create_notes_commit interface really wants
+* a strbuf, even though it will only ever use it as a buf/len pair and
+* never modify it. So this is tentatively safe as long as nobody ever
+* modifies, detaches, or releases the strbuf.
+*/
+   strbuf_attach(&sb_msg, (char *)msg, strlen(msg), strlen(msg) + 1);
create_notes_commit(partial_tree, partial_commit->parents, &sb_msg,
result_sha1);
if (o->verbosity >= 4)
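
Review bot: The (char *)msg cast in the strbuf_attach call removes the only compiler check on this borrowed pointer, so the condition in the new comment (nobody modifies, detaches, or releases the strbuf) is enforced by nothing but the comment. Copying instead, with strbuf_add(&sb_msg, msg, strlen(msg)) and a strbuf_release(&sb_msg) after create_notes_commit, costs one allocation and makes every strbuf operation on sb_msg safe. If the cast stays, the comment should say that safety depends on create_notes_commit taking the strbuf as const. strlen(msg) is also evaluated twice in the call.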

I'm still confused and disturbed that my gcc is not noticing this
obvious const violation. Hmm, shutting off ccache seems to make it work.
Doubly disturbing.

-Peff
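
The two alternatives weighed in the message above (hand a read-only consumer a pointer/length pair, or copy into a buffer that really owns its memory), as an added example that is not part of the original post and is not git's code. `struct obuf`, `struct span`, `commit_body`, `copy_then_release` and the sample text are hypothetical names constructed for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical owning buffer (not git's strbuf): buf is a heap block we free. */
struct obuf { char *buf; size_t len; };
/* Borrowed view of bytes owned elsewhere: nothing here may free ptr. */
struct span { const char *ptr; size_t len; };
/* Find the message body after the first blank line; -1 if there is none. */
static int commit_body(const char *commit, struct span *out)
{
	const char *sep = strstr(commit, "\n\n");
	if (!sep || sep[2] == '\0')
		return -1;
	out->ptr = sep + 2;	/* interior pointer, never a malloc() result */
	out->len = strlen(sep + 2);
	return 0;
}

/* Copying option: the obuf gets its own allocation, so release is safe. */
static int obuf_add(struct obuf *sb, const char *data, size_t len)
{
	char *p = realloc(sb->buf, sb->len + len + 1);
	if (!p)
		return -1;
	memcpy(p + sb->len, data, len);
	sb->buf = p;
	sb->len += len;
	sb->buf[sb->len] = '\0';
	return 0;
}
static void obuf_release(struct obuf *sb)
{
	free(sb->buf);	/* valid only because obuf_add allocated it */
	*sb = (struct obuf){ NULL, 0 };
}
/* Constructed sample commit text, not taken from a real repository. */
static const char sample[] = "tree 0000\nauthor A 0 +0000\n\nnotes merge\n";
/* Returns 1 if the borrowed text is intact after the copy is released. */
static int copy_then_release(const char *commit)
{
	struct span body;
	struct obuf sb = { NULL, 0 };
	if (commit_body(commit, &body) || obuf_add(&sb, body.ptr, body.len))
		return 0;
	int independent = sb.buf != body.ptr && !strcmp(sb.buf, body.ptr);
	obuf_release(&sb);
	return independent && body.len == strlen(body.ptr);
}
int main(void) { return copy_then_release(sample) ? 0 : 1; }
```

Attaching `body.ptr` to the owning type instead of copying it would make `obuf_release` call `free()` on a pointer into the middle of memory it does not own, which is the failure described in points 1 and 2 of the message.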


Re: [PATCH 12/15] use get_commit_buffer everywhere

2014-06-09 Thread Junio C Hamano
Jeff King  writes:

> diff --git a/notes-merge.c b/notes-merge.c
> index 94a1a8a..7885ab2 100644
> --- a/notes-merge.c
> +++ b/notes-merge.c
> @@ -671,7 +671,8 @@ int notes_merge_commit(struct notes_merge_options *o,
>   DIR *dir;
>   struct dirent *e;
>   struct strbuf path = STRBUF_INIT;
> - char *msg = strstr(partial_commit->buffer, "\n\n");
> + const char *buffer = get_commit_buffer(partial_commit);
> + const char *msg = strstr(buffer, "\n\n");

This tightening causes...

>   struct strbuf sb_msg = STRBUF_INIT;
>   int baselen;
>  
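
Review bot: msg now points into the buffer returned by get_commit_buffer(partial_commit), so it is valid only while that buffer is held. The next hunk header (-720,6 +721,7) adds one line that this quote does not show; if that line gives the buffer back, it has to come after the last use of both msg and sb_msg, because the strbuf_attach call makes sb_msg hold the same pointer rather than a copy.
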
> @@ -720,6 +721,7 @@ int notes_merge_commit(struct notes_merge_options *o,
>   }
>  
>   strbuf_attach(&sb_msg, msg, strlen(msg), strlen(msg) + 1);

...a new error here:

notes-merge.c:723:2: error: passing argument 2 of 'strbuf_attach'
discards 'const' qualifier from pointer target type [-Werror]
strbuf.h:19:13: note: expected 'void *' but argument is of type
'const char *'
