From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: git@vger.kernel.org
Cc: "Junio C Hamano" <gitster@pobox.com>,
	"René Scharfe" <l.s.r@web.de>, "Jinoh Kang" <luke1337@theori.io>,
	"Phillip Wood" <phillip.wood@talktalk.net>,
	"Glen Choo" <chooglen@google.com>,
	"Paul Tan" <pyokagan@gmail.com>,
	"Han-Wen Nienhuys" <hanwen@google.com>,
	"Karthik Nayak" <karthik.188@gmail.com>,
	"Jeff Smith" <whydoubt@gmail.com>,
	"Taylor Blau" <me@ttaylorr.com>,
	"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: [RFC PATCH 08/15] strbuf.c: use st_add3(), not unsigned_add_overflows()
Date: Fri,  3 Jun 2022 20:37:45 +0200
Message-ID: <RFC-patch-08.15-2c4b7832144-20220603T183608Z-avarab@gmail.com>
In-Reply-To: <RFC-cover-00.15-00000000000-20220603T183608Z-avarab@gmail.com>

Change the strbuf_grow() function to use st_add3() instead of doing
its own unsigned_add_overflows() checks.  The overflow checking here
was originally added in b449f4cfc97 (Rework strbuf API and semantics.,
2007-09-06) and adjusted in 1368f65002b (compat: helper for detecting
unsigned overflow, 2010-10-10). Instead we compute a "sz" with
st_add3().

That was done at a time when the underlying xrealloc() in
git-compat-util.h didn't use st_mult() yet, that has been the case
since the later e7792a74bcf (harden REALLOC_ARRAY and xcalloc against
size_t overflow, 2016-02-22).

The only behavior change here should be the very obscure edge case
that we'd previously die() in cases where we strictly didn't need to,
as we'd check both "extra + 1" and "sb->len + extra + 1" for
overflow. If we overflowed only on the latter but were doing the
former we'd needlessly die(). I don't think that difference
mattered, but it's noted here for completeness.

While we're at it add an inline comment about why we're adding 1 to
the values, that's also explained in the API documentation in
strbuf.h, but since we're using that magic constant here...

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---
 strbuf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/strbuf.c b/strbuf.c
index 61c4630aeeb..f0a74d2bfb1 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -91,12 +91,12 @@ void strbuf_attach(struct strbuf *sb, void *buf, size_t len, size_t alloc)
 void strbuf_grow(struct strbuf *sb, size_t extra)
 {
 	int new_buf = !sb->alloc;
-	if (unsigned_add_overflows(extra, 1) ||
-	    unsigned_add_overflows(sb->len, extra + 1))
-		die("you want to use way too much memory");
+	const size_t sz_buf = new_buf ? 0 : sb->len;
+	const size_t sz = st_add3(sz_buf, extra, 1 /* for \0 */);
+
 	if (new_buf)
 		sb->buf = NULL;
-	ALLOC_GROW(sb->buf, sb->len + extra + 1, sb->alloc);
+	ALLOC_GROW(sb->buf, sz, sb->alloc);
 	if (new_buf && !sb->buf)
 		BUG("for a new buffer ALLOC_GROW() should always do work!");
 	if (new_buf)
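
Review bot: the added `sz_buf` line changes the size requested from ALLOC_GROW() in the `!sb->alloc` case from `sb->len + extra + 1` to `extra + 1`, and the commit message does not list that among the behavior changes. If this relies on `sb->len` always being 0 whenever `sb->alloc` is 0, state that invariant in the commit message or in a comment next to `const size_t sz_buf = new_buf ? 0 : sb->len;`. Otherwise pass `sb->len` to st_add3() unconditionally, so that the overflow check and the allocation cover the same length the removed lines did. The explicit die("you want to use way too much memory") is also dropped here, so the commit message could mention that the failure message on overflow now comes from st_add3() instead.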
-- 
2.36.1.1124.g577fa9c2ebd

