'Re: [PATCHv3 1/4] notes: don't leak memory in git_config_get_notes_strategy'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       git
Subject:    Re: [PATCHv3 1/4] notes: don't leak memory in git_config_get_notes_strategy
From:       Jeff King <peff () peff ! net>
Date:       2016-03-31 23:32:52
Message-ID: 20160331233252.GB6120 () sigill ! intra ! peff ! net
[Download RAW message or body]

On Thu, Mar 31, 2016 at 05:08:30PM -0400, Eric Sunshine wrote:

> On Thu, Mar 31, 2016 at 2:04 PM, Stefan Beller <sbeller@google.com> wrote:
> > `value` is just a temporary scratchpad, so we need to make sure it doesn't
> > leak. It is xstrdup'd in `git_config_get_string_const` and
> > `parse_notes_merge_strategy` just compares the string against predefined
> > values, so no need to keep it around longer. Instead of using
> > `git_config_get_string_const`, use `git_config_get_value`, which doesn't
> > return a copy.
> >
> > Signed-off-by: Stefan Beller <sbeller@google.com>
> > ---
> > diff --git a/builtin/notes.c b/builtin/notes.c
> > @@ -746,7 +746,7 @@ static int git_config_get_notes_strategy(const char *key,
> >  {
> >         const char *value;
> >
> > -       if (git_config_get_string_const(key, &value))
> > +       if (git_config_get_value(key, &value))
> 
> Hmm, doesn't this introduce a rather severe regression? Unless I'm
> misreading the code (possible), with the original, if 'key' was
> boolean (lacked a value in the config file), then it would complain:
> 
>     Missing value for 'floop.blork'
> 
> but, with this change, it will dereference NULL and crash.
> 
> (My understanding was that Peff's suggestion to use
> git_config_get_value() implied a bit of work beyond the simple textual
> substitution of 'git_config_get_value' for
> 'git_config_get_string_const'.)

Ah, yeah, I didn't even think about that case. I was thinking that
wouldn't it be nice if we had:

  const char *git_config_get_string(const char *key);

which would be a much more natural interface. But the reason we don't is
that we have to represent the "NULL as boolean true" case in the first
place.

So I dunno. Getting the NULL-handling for free is rather nice, and maybe
worth using the normal git_config_get_string(). It's too bad there's not
a variant that just returns a non-allocated pointer, but given that
there is already a confusing proliferation of functions to retrieve a
config string, it's hard to justify adding another.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic