From: Matthew DeVore <matvore@comcast.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Matthew DeVore <matvore@google.com>,
git@vger.kernel.org, jonathantanmy@google.com, jrn@google.com,
dstolee@microsoft.com, jeffhost@microsoft.com,
jrnieder@gmail.com, pclouds@gmail.com, emilyshaffer@google.com
Subject: Re: [PATCH v2 6/9] list-objects-filter-options: make filter_spec a strbuf
Date: Tue, 11 Jun 2019 11:44:27 -0700 [thread overview]
Message-ID: <20190611184426.GB58112@comcast.net> (raw)
In-Reply-To: <xmqqtvcwkowx.fsf@gitster-ct.c.googlers.com>
On Tue, Jun 11, 2019 at 10:33:18AM -0700, Junio C Hamano wrote:
> Matthew DeVore <matvore@comcast.net> writes:
>
> >> convention, and it may even be a useful one (i.e. it allows you to
> >> calloc() a structure with an embedded strbuf in it and the "if
> >> .buf==NULL, call strbuf_init() lazily" can become an established
> >> pattern), but at the same time it feels a bit brittle.
> >
> > Is it brittle because a strbuf may be initialized to non-zero memory, and so
> > the "if (buf.buf == NULL)" may evaluate to false, and then go on treating
> > garbage like a valid buffer?
>
> It is brittle because callers are bound to forget doing "if
> (!x->buf.buf) lazy_init(&x->buf)" at some point, and blindly use an
> uninitialized x->buf. Making sure x->buf is always initialized
A corallary proposition would be to make this particular strbuf a "struct
strbuf *" rather than an inline strbuf. It should then be rather clear to users
that it may be null. Then whoever allocates the memory can also do the
strbuf_init one-liner. The free'ing logic of list_objects_filter_options then
only becomes trivially more complicated than it was before. Does that sound
like a good compromise to you?
> before any caller touches is the only way to solve it, and as you
> said, there are two possible ways to make that happen. One way that
> does not violate the current API contract is to make sure whoever
> allocates and/or initializes the surrounding struct that embeds a
> strbuf does strbuf_init(&x->buf) before any user sees the struct.
The thing I don't like about that is that the non-zeroness of its
initialization percolates upward to whatever the top-level struct is, which
means implementation details leak a lot. This seems quite brittle as well,
since anyone can forget to initialize some struct in the nested line.
>
> Another would be to update strbuf API so that strbuf_init() does not
> even have to use slopbuf. But that is a much larger change that
> potentially breaks existing users of strbuf API. When you have a
> strbuf that has been prepared to be usable, the current API contract
> allows its users to expect buf.buf is never NULL, so they assume
> that they can safely write "if (!buf.buf)", so auditing strbuf.c and
> making sure a strbuf with buf==NULL gets lazily initialized is not
> enough.
That's true. I didn't think it matters in the case of filter_spec in
particular, since users of list_objects_filter_options are supposed to use an
accessor and not touch the strbuf directly, but looking at it like a more
general API change, it seems risky.
next prev parent reply other threads:[~2019-06-11 18:45 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-01 0:35 [PATCH v2 0/9] Filter combination Matthew DeVore
2019-06-01 0:35 ` [PATCH v2 1/9] list-objects-filter: make API easier to use Matthew DeVore
2019-06-01 0:35 ` [PATCH v2 2/9] list-objects-filter: put omits set in filter struct Matthew DeVore
2019-06-01 0:35 ` [PATCH v2 3/9] list-objects-filter-options: always supply *errbuf Matthew DeVore
2019-06-01 0:35 ` [PATCH v2 4/9] list-objects-filter: implement composite filters Matthew DeVore
2019-06-03 21:51 ` Jeff Hostetler
2019-06-06 22:32 ` Matthew DeVore
2019-06-07 17:58 ` Jeff Hostetler
2019-06-01 0:35 ` [PATCH v2 5/9] list-objects-filter-options: move error check up Matthew DeVore
2019-06-01 0:36 ` [PATCH v2 6/9] list-objects-filter-options: make filter_spec a strbuf Matthew DeVore
2019-06-10 20:13 ` Junio C Hamano
2019-06-11 0:34 ` Matthew DeVore
2019-06-11 17:33 ` Junio C Hamano
2019-06-11 18:44 ` Matthew DeVore [this message]
2019-06-11 21:34 ` Matthew DeVore
2019-06-11 21:48 ` Junio C Hamano
2019-06-12 0:37 ` Matthew DeVore
2019-06-12 14:55 ` Matthew DeVore
2019-06-01 0:36 ` [PATCH v2 7/9] list-objects-filter-options: allow mult. --filter Matthew DeVore
2019-06-01 0:36 ` [PATCH v2 8/9] list-objects-filter-options: clean up use of ALLOC_GROW Matthew DeVore
2019-06-03 22:07 ` Jacob Keller
2019-06-03 22:39 ` Matthew DeVore
2019-06-04 3:16 ` Jacob Keller
2019-06-01 0:36 ` [PATCH v2 9/9] list-objects-filter-options: make parser void Matthew DeVore
2019-06-03 21:35 ` [PATCH v2 0/9] Filter combination Jeff Hostetler
2019-06-13 21:51 ` [PATCH v3 00/10] " Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 01/10] list-objects-filter: make API easier to use Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 02/10] list-objects-filter: put omits set in filter struct Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 03/10] list-objects-filter-options: always supply *errbuf Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 04/10] list-objects-filter: implement composite filters Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 05/10] list-objects-filter-options: move error check up Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 06/10] list-objects-filter-options: make filter_spec a string_list Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 07/10] strbuf: give URL-encoding API a char predicate fn Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 08/10] list-objects-filter-options: allow mult. --filter Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 09/10] list-objects-filter-options: clean up use of ALLOC_GROW Matthew DeVore
2019-06-13 21:51 ` [PATCH v3 10/10] list-objects-filter-options: make parser void Matthew DeVore
2019-06-14 19:50 ` [PATCH v3 00/10] Filter combination Junio C Hamano
2019-06-15 0:40 ` [PATCH v4 " Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 01/10] list-objects-filter: make API easier to use Matthew DeVore
2019-06-21 22:58 ` Jonathan Tan
2019-06-27 0:46 ` Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 02/10] list-objects-filter: put omits set in filter struct Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 03/10] list-objects-filter-options: always supply *errbuf Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 04/10] list-objects-filter: implement composite filters Matthew DeVore
2019-06-18 8:42 ` Johannes Schindelin
2019-06-18 20:22 ` Matthew DeVore
2019-06-21 18:17 ` Johannes Schindelin
2019-06-22 0:26 ` Jonathan Tan
2019-06-27 21:12 ` Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 05/10] list-objects-filter-options: move error check up Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 06/10] list-objects-filter-options: make filter_spec a string_list Matthew DeVore
2019-06-22 0:37 ` Jonathan Tan
2019-06-27 21:17 ` Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 07/10] strbuf: give URL-encoding API a char predicate fn Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 08/10] list-objects-filter-options: allow mult. --filter Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 09/10] list-objects-filter-options: clean up use of ALLOC_GROW Matthew DeVore
2019-06-15 0:40 ` [PATCH v4 10/10] list-objects-filter-options: make parser void Matthew DeVore
2019-06-22 0:46 ` Jonathan Tan
2019-06-27 21:24 ` Matthew DeVore
2019-06-27 22:27 ` Matthew DeVore
2019-06-18 1:25 ` [PATCH v4 00/10] Filter combination Junio C Hamano
2019-06-27 22:54 ` [PATCH v5 " Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 01/10] list-objects-filter: encapsulate filter components Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 02/10] list-objects-filter: put omits set in filter struct Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 03/10] list-objects-filter-options: always supply *errbuf Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 04/10] list-objects-filter: implement composite filters Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 05/10] list-objects-filter-options: move error check up Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 06/10] list-objects-filter-options: make filter_spec a string_list Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 07/10] strbuf: give URL-encoding API a char predicate fn Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 08/10] list-objects-filter-options: allow mult. --filter Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 09/10] list-objects-filter-options: clean up use of ALLOC_GROW Matthew DeVore
2019-06-27 22:54 ` [PATCH v5 10/10] list-objects-filter-options: make parser void Matthew DeVore
2019-06-28 16:05 ` [PATCH v5 00/10] Filter combination Junio C Hamano
2019-06-28 17:16 ` Jonathan Tan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190611184426.GB58112@comcast.net \
--to=matvore@comcast.net \
--cc=dstolee@microsoft.com \
--cc=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jeffhost@microsoft.com \
--cc=jonathantanmy@google.com \
--cc=jrn@google.com \
--cc=jrnieder@gmail.com \
--cc=matvore@google.com \
--cc=pclouds@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.