| Message ID | 20230828125132.25144-1-sir@cmpwn.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | builtin/log.c: prepend "RFC" on --rfc | expand |
On Mon, Aug 28, 2023 at 02:50:34PM +0200, Drew DeVault wrote: > Rather than replacing the configured subject prefix (either through the > git config or command line) entirely with "RFC PATCH", this change > prepends RFC to whatever subject prefix was already in use. > > This is useful, for example, when a user is working on a repository that > has a subject prefix considered to disambiguate patches: > > git config format.subjectPrefix 'PATCH my-project' > > Prior to this change, formatting patches with --rfc would lose the > 'my-project' information. This sounds like a good change to me. It would be backwards-incompatible for anybody expecting: git format-patch --subject=foo --rfc to override the --subject line, but that seems rather unlikely. > Implementation note: this introduces a small memory leak, but freeing it > requires a non-trivial amount of refactoring and some dubious choices > that I was not sure of for a small patch; and it seems like memory leaks > in this context are tolerated anyway from a perusal of the existing > code. We do have a lot of small leaks like this, but we've been trying to clean them up slowly. There's some infrastructure in the test suite for marking scripts as leak-free, but t4014 is not yet there, so this won't cause CI to complain at this point. It is tempting while we are here and thinking about it to put in an easy hack, like storing the allocated string in a static variable. > static int rfc_callback(const struct option *opt, const char *arg, int unset) > { > + int n; > + char *prefix; > + const char *prev; > + > BUG_ON_OPT_NEG(unset); > BUG_ON_OPT_ARG(arg); > - return subject_prefix_callback(opt, "RFC PATCH", unset); > + > + prev = ((struct rev_info *)opt->value)->subject_prefix; > + assert(prev != NULL); > + n = snprintf(NULL, 0, "RFC %s", prev); > + assert(n > 0); > + prefix = xmalloc(n + 1); > + n = snprintf(prefix, n + 1, "RFC %s", prev); > + assert(n > 0); > + > + return subject_prefix_callback(opt, prefix, unset); > } We try to avoid manually computing string sizes like this, since it's error-prone and can be subject to integer overflow attacks (not in this case, but every instance makes auditing harder). You can use xstrfmt() instead. Coupled with the leak-hack from above, maybe just: diff --git a/builtin/log.c b/builtin/log.c index db3a88bfe9..579c3a2419 100644 --- a/builtin/log.c +++ b/builtin/log.c @@ -1476,9 +1476,19 @@ static int subject_prefix_callback(const struct option *opt, const char *arg, static int rfc_callback(const struct option *opt, const char *arg, int unset) { + /* + * "avoid" leak by holding on to a reference to the memory, since we + * need the string for the lifetime of the process anyway + */ + static char *prefix; + BUG_ON_OPT_NEG(unset); BUG_ON_OPT_ARG(arg); - return subject_prefix_callback(opt, "RFC PATCH", unset); + + free(prefix); + prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix); + + return subject_prefix_callback(opt, prefix, unset); } static int numbered_cmdline_opt = 0; The rest of the patch (docs and tests) looked good to me.
On Mon Aug 28, 2023 at 4:42 PM CEST, Jeff King wrote: > static int rfc_callback(const struct option *opt, const char *arg, int unset) > { > + /* > + * "avoid" leak by holding on to a reference to the memory, since we > + * need the string for the lifetime of the process anyway > + */ > + static char *prefix; > + > BUG_ON_OPT_NEG(unset); > BUG_ON_OPT_ARG(arg); > - return subject_prefix_callback(opt, "RFC PATCH", unset); > + > + free(prefix); > + prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix); > + > + return subject_prefix_callback(opt, prefix, unset); > } I like this better, thanks!
Drew DeVault <sir@cmpwn.com> writes: > Rather than replacing the configured subject prefix (either through the > git config or command line) entirely with "RFC PATCH", this change > prepends RFC to whatever subject prefix was already in use. > > This is useful, for example, when a user is working on a repository that > has a subject prefix considered to disambiguate patches: > > git config format.subjectPrefix 'PATCH my-project' > > Prior to this change, formatting patches with --rfc would lose the > 'my-project' information. OK. My initial reaction was that we should just deprecate "--rfc" and instead use "--subject-prefix" for whatever multi-token string; that way, we do not need to worry about having to add "--wip" and other "shorthand" options ;-). But the combination of the configuration variable that specifies the tag that is used for everyday operation and a command line option that allows you to add (not replace) RFC would be a justifiable behaviour. It certainly is better than the current (original) design of "--rfc". This needs to be advertised as a backward incompatible change in the release notes, but I doubt that the fallout would be major. The implementation below looks like it is quite out of our style, but I'll read v2 instead.
On 28/08/2023 15:42, Jeff King wrote: > On Mon, Aug 28, 2023 at 02:50:34PM +0200, Drew DeVault wrote: > >> Rather than replacing the configured subject prefix (either through the >> git config or command line) entirely with "RFC PATCH", this change >> prepends RFC to whatever subject prefix was already in use. >> >> This is useful, for example, when a user is working on a repository that >> has a subject prefix considered to disambiguate patches: >> >> git config format.subjectPrefix 'PATCH my-project' >> >> Prior to this change, formatting patches with --rfc would lose the >> 'my-project' information. > > This sounds like a good change to me. I agree it sounds like a good change but if we're going to change it than I think we should ensure git format-patch --subject-prefix=foo --rfc and git format-patch --rfc --subject-prefix=foo give the same result. That would mean dropping rfc_callback() and using OPT_BOOL() instead of OPT_CALLBACK_F(). We could add the "RFC " prefix just before we add the re-roll suffix. Best Wishes Phillip It would be backwards-incompatible > for anybody expecting: > > git format-patch --subject=foo --rfc > > to override the --subject line, but that seems rather unlikely. >> Implementation note: this introduces a small memory leak, but freeing it >> requires a non-trivial amount of refactoring and some dubious choices >> that I was not sure of for a small patch; and it seems like memory leaks >> in this context are tolerated anyway from a perusal of the existing >> code. > > We do have a lot of small leaks like this, but we've been trying to > clean them up slowly. There's some infrastructure in the test suite for > marking scripts as leak-free, but t4014 is not yet there, so this > won't cause CI to complain at this point. > > It is tempting while we are here and thinking about it to put in an easy > hack, like storing the allocated string in a static variable. > >> static int rfc_callback(const struct option *opt, const char *arg, int unset) >> { >> + int n; >> + char *prefix; >> + const char *prev; >> + >> BUG_ON_OPT_NEG(unset); >> BUG_ON_OPT_ARG(arg); >> - return subject_prefix_callback(opt, "RFC PATCH", unset); >> + >> + prev = ((struct rev_info *)opt->value)->subject_prefix; >> + assert(prev != NULL); >> + n = snprintf(NULL, 0, "RFC %s", prev); >> + assert(n > 0); >> + prefix = xmalloc(n + 1); >> + n = snprintf(prefix, n + 1, "RFC %s", prev); >> + assert(n > 0); >> + >> + return subject_prefix_callback(opt, prefix, unset); >> } > > We try to avoid manually computing string sizes like this, since it's > error-prone and can be subject to integer overflow attacks (not in this > case, but every instance makes auditing harder). You can use xstrfmt() > instead. > > Coupled with the leak-hack from above, maybe just: > > diff --git a/builtin/log.c b/builtin/log.c > index db3a88bfe9..579c3a2419 100644 > --- a/builtin/log.c > +++ b/builtin/log.c > @@ -1476,9 +1476,19 @@ static int subject_prefix_callback(const struct option *opt, const char *arg, > > static int rfc_callback(const struct option *opt, const char *arg, int unset) > { > + /* > + * "avoid" leak by holding on to a reference to the memory, since we > + * need the string for the lifetime of the process anyway > + */ > + static char *prefix; > + > BUG_ON_OPT_NEG(unset); > BUG_ON_OPT_ARG(arg); > - return subject_prefix_callback(opt, "RFC PATCH", unset); > + > + free(prefix); > + prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix); > + > + return subject_prefix_callback(opt, prefix, unset); > } > > static int numbered_cmdline_opt = 0; > > The rest of the patch (docs and tests) looked good to me.
On Mon, Aug 28, 2023 at 05:30:36PM +0100, Phillip Wood wrote: > I agree it sounds like a good change but if we're going to change it than I > think we should ensure > > git format-patch --subject-prefix=foo --rfc > > and > > git format-patch --rfc --subject-prefix=foo > > give the same result. That would mean dropping rfc_callback() and using > OPT_BOOL() instead of OPT_CALLBACK_F(). We could add the "RFC " prefix just > before we add the re-roll suffix. Good catch. That should also make the leak issue easier to solve, too, as we'd hold the string (and free it) in the main cmd_format_patch() function. This is exactly how the "reroll_count" feature works currently. -Peff
Phillip Wood <phillip.wood123@gmail.com> writes: > I agree it sounds like a good change but if we're going to change it > than I think we should ensure > > git format-patch --subject-prefix=foo --rfc > > and > > git format-patch --rfc --subject-prefix=foo > > give the same result. Good catch. The implementation with this patch feel philosophically dirty, in that the new "--rfc" is no longer "we use a different subject-prefix" but "this new option is independent from the subject-prefix; whatever string that other option receives goes before the title, and our string goes even before that". And to reflect that independent nature better, it should just grab the string into a separate local variable and combine the two into a single prefix string after parse_options() returns. Thanks.
diff --git a/Documentation/git-format-patch.txt b/Documentation/git-format-patch.txt index 373b46fc0d..fdc52cf826 100644 --- a/Documentation/git-format-patch.txt +++ b/Documentation/git-format-patch.txt @@ -229,9 +229,9 @@ populated with placeholder text. variable, or 64 if unconfigured. --rfc:: - Alias for `--subject-prefix="RFC PATCH"`. RFC means "Request For - Comments"; use this when sending an experimental patch for - discussion rather than application. + Prepends "RFC" to the subject prefix (producing "RFC PATCH" by + default). RFC means "Request For Comments"; use this when sending + an experimental patch for discussion rather than application. -v <n>:: --reroll-count=<n>:: diff --git a/builtin/log.c b/builtin/log.c index db3a88bfe9..d986faebed 100644 --- a/builtin/log.c +++ b/builtin/log.c @@ -1476,9 +1476,22 @@ static int subject_prefix_callback(const struct option *opt, const char *arg, static int rfc_callback(const struct option *opt, const char *arg, int unset) { + int n; + char *prefix; + const char *prev; + BUG_ON_OPT_NEG(unset); BUG_ON_OPT_ARG(arg); - return subject_prefix_callback(opt, "RFC PATCH", unset); + + prev = ((struct rev_info *)opt->value)->subject_prefix; + assert(prev != NULL); + n = snprintf(NULL, 0, "RFC %s", prev); + assert(n > 0); + prefix = xmalloc(n + 1); + n = snprintf(prefix, n + 1, "RFC %s", prev); + assert(n > 0); + + return subject_prefix_callback(opt, prefix, unset); } static int numbered_cmdline_opt = 0; diff --git a/t/t4014-format-patch.sh b/t/t4014-format-patch.sh index 3cf2b7a7fb..a7fe839683 100755 --- a/t/t4014-format-patch.sh +++ b/t/t4014-format-patch.sh @@ -1377,6 +1377,15 @@ test_expect_success '--rfc' ' test_cmp expect actual ' +test_expect_success '--rfc does not overwrite prefix' ' + cat >expect <<-\EOF && + Subject: [RFC PATCH foobar 1/1] header with . in it + EOF + git format-patch -n -1 --stdout --subject-prefix "PATCH foobar" --rfc >patch && + grep ^Subject: patch >actual && + test_cmp expect actual +' + test_expect_success '--from=ident notices bogus ident' ' test_must_fail git format-patch -1 --stdout --from=foo >patch '
Rather than replacing the configured subject prefix (either through the git config or command line) entirely with "RFC PATCH", this change prepends RFC to whatever subject prefix was already in use. This is useful, for example, when a user is working on a repository that has a subject prefix considered to disambiguate patches: git config format.subjectPrefix 'PATCH my-project' Prior to this change, formatting patches with --rfc would lose the 'my-project' information. Signed-off-by: Drew DeVault <sir@cmpwn.com> --- Implementation note: this introduces a small memory leak, but freeing it requires a non-trivial amount of refactoring and some dubious choices that I was not sure of for a small patch; and it seems like memory leaks in this context are tolerated anyway from a perusal of the existing code. Documentation/git-format-patch.txt | 6 +++--- builtin/log.c | 15 ++++++++++++++- t/t4014-format-patch.sh | 9 +++++++++ 3 files changed, 26 insertions(+), 4 deletions(-)