From: Jeff King <peff@peff.net>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Stefan Beller <sbeller@google.com>, git@vger.kernel.org
Subject: Re: [PATCH] branch: reset instead of release a strbuf
Date: Tue, 3 Oct 2017 19:49:19 -0400
Message-ID: <20171003234919.qsr54ncmw6cihowi@sigill.intra.peff.net>
In-Reply-To: <20171003222414.GC19555@aiede.mtv.corp.google.com>

On Tue, Oct 03, 2017 at 03:24:14PM -0700, Jonathan Nieder wrote:

> Here's a patch to address the surprising strbuf.h advice.
> 
> -- >8 --
> Subject: strbuf: do not encourage init-after-release
> 
> strbuf_release already leaves the strbuf in a valid, initialized
> state, so there is no need to call strbuf_init after it.
> 
> Moreover, this is not likely to change in the future: strbuf_release
> leaving the strbuf in a valid state has been easy to maintain and has
> been very helpful for Git's robustness and simplicity (e.g.,
> preventing use-after-free vulnerabilities).

Thanks for picking this up. Like you, I was quite surprised when I saw
Stefan's original patch.

> diff --git a/strbuf.h b/strbuf.h
> index 7496cb8ec5..6e175c3694 100644
> --- a/strbuf.h
> +++ b/strbuf.h
> @@ -83,7 +83,7 @@ extern void strbuf_init(struct strbuf *, size_t);
>  
>  /**
>   * Release a string buffer and the memory it used. You should not use the
> - * string buffer after using this function, unless you initialize it again.
> + * string buffer after using this function.
>   */
>  extern void strbuf_release(struct strbuf *);
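
Review bot: the replacement sentence on the `+` line still tells callers not to use the string buffer after strbuf_release, while the commit message above says strbuf_release leaves the strbuf in a valid, initialized state, so the comment and its rationale disagree. Suggest documenting the post-condition instead (the memory is released and the strbuf is left valid and empty, reusable without strbuf_init), and, if the efficiency advice is meant to stay, naming strbuf_reset() as the call to use when the buffer will be filled again.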

I think it's actually OK to use the string buffer after this function.
It's just an empty string.

Perhaps we should be more explicit: this releases any resources and
resets to a pristine, empty state. I suspect strbuf_detach() probably
should make the same claim.

Earlier you mentioned:

> It is still not advisable to call strbuf_release until done using a
> strbuf because it is wasteful, so keep that part of the advice.

Is this what you meant? If so, I think we should probably be more
explicit in giving people a hint to use strbuf_reset() for efficiency.

-Peff
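
The behaviour discussed in this message, as an added example that is not part of the original thread and is not Git's strbuf code: a hypothetical minimal buffer (`struct sbuf`, `SBUF_INIT`, `sbuf_empty` and the `sbuf_*` functions are assumed names) whose release leaves a valid empty string instead of a dangling pointer, next to a reset that keeps the allocation.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal buffer; a stand-in, not Git's strbuf code. */
struct sbuf { size_t alloc, len; char *buf; };
static char sbuf_empty[1];	/* shared "" for buffers that own no memory */
#define SBUF_INIT { 0, 0, sbuf_empty }

/* Free, then return to the initialized state: no dangling pointer is left. */
void sbuf_release(struct sbuf *sb)
{
	free(sb->alloc ? sb->buf : NULL);	/* never free the shared "" */
	*sb = (struct sbuf)SBUF_INIT;
}

/* Empty the string but keep the allocation for the next use. */
void sbuf_reset(struct sbuf *sb)
{
	sb->len = 0;
	sb->buf[0] = '\0';	/* also fine on sbuf_empty, which is already "" */
}

void sbuf_addstr(struct sbuf *sb, const char *s)
{
	size_t n = strlen(s), need = sb->len + n + 1;
	if (need > sb->alloc) {
		char *p = realloc(sb->alloc ? sb->buf : NULL, need * 2);
		if (!p)
			abort();
		sb->buf = p;
		sb->alloc = need * 2;
	}
	memcpy(sb->buf + sb->len, s, n + 1);
	sb->len += n;
}

/* Bit 0: released buffer is a usable "". Bit 1: reset kept the allocation. */
int sbuf_demo(void)
{
	struct sbuf sb = SBUF_INIT;
	sbuf_addstr(&sb, "refs/heads/topic");	/* constructed sample value */
	sbuf_reset(&sb);
	int kept = !sb.len && sb.alloc != 0;
	sbuf_release(&sb);
	int valid = !sb.alloc && !sb.len && !sb.buf[0];
	sbuf_addstr(&sb, "main");
	valid = valid && !strcmp(sb.buf, "main");
	sbuf_release(&sb);
	return valid | (kept << 1);
}
```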
