From patchwork Sat Apr 18 20:18:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496943 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 07F14174A for ; Sat, 18 Apr 2020 20:18:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E455C221F7 for ; Sat, 18 Apr 2020 20:18:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="q1N0/87E" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728265AbgDRUSy (ORCPT ); Sat, 18 Apr 2020 16:18:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUSx (ORCPT ); Sat, 18 Apr 2020 16:18:53 -0400 Received: from mail-lf1-x142.google.com (mail-lf1-x142.google.com [IPv6:2a00:1450:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33023C061A0C for ; Sat, 18 Apr 2020 13:18:53 -0700 (PDT) Received: by mail-lf1-x142.google.com with SMTP id x23so4709760lfq.1 for ; Sat, 18 Apr 2020 13:18:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=84hnXTm9qNUGMODcL1hCAyLQDgXtASTHAvb2L4PIv4c=; b=q1N0/87ExXXGsSl2zOd8oUfURLX2VZd1Z598rg3+agRhu8mu6f0TLT8joa0UJvyKNS UfhlGLhXcVipDWoJqfsYCuIizFXjypS6eNZatvaOCir2BDHvOZYDpqqFlU9wn9C7okD8 yis79yd/5Lss7U3SHoOZspZxJ0ZS4Mn4GSoMleWTmOdIGTsUnFE8uSrJduxvng/d1ybN e8BAmqcfTV446JLpp+TGRjVGtpIsc6ADrAfP5RbaA1pbcW024pvgWdA5yEvOYi/zLROf mZCeP6KwHy7R+YoELGvMGpQKTnbXbpfAFbRR6Jd9aAZjH3zZpaEFr1wg4YWbAjWl8o3y NLSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=84hnXTm9qNUGMODcL1hCAyLQDgXtASTHAvb2L4PIv4c=; b=jQnjPfu1XdDi6cCi+68ml6IXg2eC4d2Xz/XhD3hhN1yZ38i08kL+Cxoe1e1aDXtuIc 7FwauwTkz4xz5dqI8+8lV9VRLxRvMd7UXN5Pn2HOJ6vm5o6+lpn4QCAo1OTe6dgjbcuI gEAgSqV6Y1z9iEer7m+j+GEKG4MlKz1d6h9/e84btadnS3iptZlda92aAX5dC9SzQfvF JQI/dIcTQrhwrgwzZdp4SPptIyno+uhpaJtonBYfSSGDhKUskzo+tAMhhUq5K/lsZkfE 2xwcn3Nco6ZxouzyQNyxIW07La1po8EBlQT5E9ru4PLQJhRl2BwyRe20hRZxghZb6L+Z Xe4w== X-Gm-Message-State: AGi0PuYele1yvXDb34+usBYGUTFZNBN0+MVoumeVhNeJnehmphqWvwlt rHQ20MKztS/Wd6i6Lcnq5/hyNBbJ X-Google-Smtp-Source: APiQypIpEkrgLEMklVmgvKU6Ees6f5d4E9fAlxNxQUc6dGcrjlu0EldJy50fxi8uOSF4axLDAYTqpQ== X-Received: by 2002:a19:1c3:: with SMTP id 186mr5728684lfb.191.1587241131477; Sat, 18 Apr 2020 13:18:51 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.18.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:18:51 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 1/6] am: use `strbuf_attach()` correctly Date: Sat, 18 Apr 2020 22:18:24 +0200 Message-Id: X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Among other parameters, `strbuf_attach()` takes a length and an amount of allocated memory. In strbuf.h, it is documented that the latter "must be larger than the string length, because the string you pass is supposed to be a NUL-terminated string". In builtin/am.c, we simply pass in the length of the string twice. My first assumption was that we'd end up with `alloc == len` and that, e.g., a subsequent `strbuf_avail(sb)` would evaluate `sb->alloc - sb->len - 1`, resulting in a huge return value, which could be quite bad. But luckily, we end up in `strbuf_grow()` where we reallocate a larger buffer, after which we reinstate a '\0' and everything is fine. One might ask if the function was documented incorrectly in dd613e6b87 ("Strbuf documentation: document most functions", 2008-06-04), but on the other hand, one really has to wonder whether it's actually useful to be able to pass in `alloc == len` only to end up performing the allocation, copying and freeing which this function very much looks like it would keep us from having to do. Pass in a value one greater than the length for the `alloc` parameter. The string has been allocated correctly using the strbuf machinery in `read_commit_msg()` and we really do have an extra byte at the end with a NUL. This means both that the buffer is as large as we claim it to be and that the addition is safe. Signed-off-by: Martin Ågren --- builtin/am.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/am.c b/builtin/am.c index e3dfd93c25..e6a9fe8111 100644 --- a/builtin/am.c +++ b/builtin/am.c @@ -1101,7 +1101,7 @@ static void am_append_signoff(struct am_state *state) { struct strbuf sb = STRBUF_INIT; - strbuf_attach(&sb, state->msg, state->msg_len, state->msg_len); + strbuf_attach(&sb, state->msg, state->msg_len, state->msg_len + 1); append_signoff(&sb, 0, 0); state->msg = strbuf_detach(&sb, &state->msg_len); } From patchwork Sat Apr 18 20:18:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496947 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28383112C for ; Sat, 18 Apr 2020 20:18:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 10B32221F7 for ; Sat, 18 Apr 2020 20:18:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="oZ9HdTvp" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728269AbgDRUS6 (ORCPT ); Sat, 18 Apr 2020 16:18:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUS5 (ORCPT ); Sat, 18 Apr 2020 16:18:57 -0400 Received: from mail-lj1-x244.google.com (mail-lj1-x244.google.com [IPv6:2a00:1450:4864:20::244]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 601E6C061A0C for ; Sat, 18 Apr 2020 13:18:57 -0700 (PDT) Received: by mail-lj1-x244.google.com with SMTP id r7so5686712ljg.13 for ; Sat, 18 Apr 2020 13:18:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UCXzrL/gM6cVJk20aTlr3/YzVSvu4ZTXyduC2AEG228=; b=oZ9HdTvpi/qQFj6CdfCTiJk6VFGqpND7Vt9wKtMCY8itpKnYhJB6E4u+qc4e8kQgm4 4lNBuObjJcjHZbtdWJ2FQyo9AyQ5AelAQ1LV24wsoGWTxbMd8lU2AqZQFL2E4qMuyfYb 0NfPqKbr5gVT2IijpkpjG+W/VkTO0lCJvdClNGTi8PspYqGr/RhhbhqaZLYiP6ZNiqTg gGE9OYjJS/qGSd+VNFgCSEpu8nChSlCdKSSr17ZdNPDPbJSjewseQrEZAmPXQwpgiIYV Nr5lW+QH/RxMcOPI4Bnnp+wGqFt/z45OIPJ2F1sly1lLgFlUdw+tbJPHbp0tThrI3eRu TBWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UCXzrL/gM6cVJk20aTlr3/YzVSvu4ZTXyduC2AEG228=; b=Yed/vSJO3LI/QRaiQxlFcw9bXgw3qP90Vi/dijKwI2+knj9Y0r+VFzSL2gAGC+1yEH +Sf0oW0hLS4nw2O7CXfMKjEVnQ3Z7N1KJzNt3njbLx7YjvJYhNH7CX4R2sM4aauVR8Vd fJCvlUK27ySugjN1eCFhbM432kcPbPVwagmWGE1arjj0Kg+EgwNOThpbsGIYvaDeR5ui HW9QvnDZtap7dxQQz1RMUxWIkokY//9DalvSubtMGSbqjtDyjfPWa/fk4IJuYNNIgmJ4 Lx8IBnX3Wt8uipdKVMxbwbZF5cYCN4j//XQb/lKv7URNRLpid6RSXPzu7nSlOlSV4TaZ OwpQ== X-Gm-Message-State: AGi0PuY7UNS0z9RJonEo+qd/GdFyt3Wdxx08/L6cqXW8YgXlOlwNoKbG LATLHH0MJX+d42U0dbv88MluthhJ X-Google-Smtp-Source: APiQypK5MuMcwPDwfEAp+SMXXNyYZwRP5eaipb3ny8kbnTMHCBQe8wJs0+QFg/KDaTAyUYLOVRIWrw== X-Received: by 2002:a2e:3209:: with SMTP id y9mr92381ljy.154.1587241135618; Sat, 18 Apr 2020 13:18:55 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.18.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:18:55 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 2/6] strbuf_attach: correctly pass in `strlen() + 1` for `alloc` Date: Sat, 18 Apr 2020 22:18:25 +0200 Message-Id: <54f3966f1f3a3e88bcd650cce89b47e650ba005b.1587240635.git.martin.agren@gmail.com> X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org This is similar to the previous commit where we corrected a use of `strbuf_attach()` to not pass in the same value for `len` and `alloc`. The sites addressed in this commit all use `strlen()`, which makes it obvious that we're working with NUL-terminated strings and that we can safely switch to providing `len + 1` for `alloc`. Signed-off-by: Martin Ågren --- mailinfo.c | 2 +- path.c | 2 +- refs/files-backend.c | 2 +- trailer.c | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/mailinfo.c b/mailinfo.c index 742fa376ab..af5d2cad31 100644 --- a/mailinfo.c +++ b/mailinfo.c @@ -459,7 +459,7 @@ static int convert_to_utf8(struct mailinfo *mi, return error("cannot convert from %s to %s", charset, mi->metainfo_charset); } - strbuf_attach(line, out, strlen(out), strlen(out)); + strbuf_attach(line, out, strlen(out), strlen(out) + 1); return 0; } diff --git a/path.c b/path.c index 9bd717c307..5745a71d36 100644 --- a/path.c +++ b/path.c @@ -816,7 +816,7 @@ const char *enter_repo(const char *path, int strict) if (!newpath) return NULL; strbuf_attach(&used_path, newpath, strlen(newpath), - strlen(newpath)); + strlen(newpath) + 1); } for (i = 0; suffix[i]; i++) { struct stat st; diff --git a/refs/files-backend.c b/refs/files-backend.c index 561c33ac8a..76bb2ef490 100644 --- a/refs/files-backend.c +++ b/refs/files-backend.c @@ -1514,7 +1514,7 @@ static int commit_ref(struct ref_lock *lock) size_t len = strlen(path); struct strbuf sb_path = STRBUF_INIT; - strbuf_attach(&sb_path, path, len, len); + strbuf_attach(&sb_path, path, len, len + 1); /* * If this fails, commit_lock_file() will also fail diff --git a/trailer.c b/trailer.c index 0c414f2fed..135f71aef1 100644 --- a/trailer.c +++ b/trailer.c @@ -1095,7 +1095,8 @@ void trailer_info_get(struct trailer_info *info, const char *str, for (ptr = trailer_lines; *ptr; ptr++) { if (last && isspace((*ptr)->buf[0])) { struct strbuf sb = STRBUF_INIT; - strbuf_attach(&sb, *last, strlen(*last), strlen(*last)); + strbuf_attach(&sb, *last, strlen(*last), + strlen(*last) + 1); strbuf_addbuf(&sb, *ptr); *last = strbuf_detach(&sb, NULL); continue; From patchwork Sat Apr 18 20:18:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496949 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E1F90112C for ; Sat, 18 Apr 2020 20:19:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C928A21D93 for ; Sat, 18 Apr 2020 20:19:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iD400bHW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728274AbgDRUTI (ORCPT ); Sat, 18 Apr 2020 16:19:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56218 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUTH (ORCPT ); Sat, 18 Apr 2020 16:19:07 -0400 Received: from mail-lj1-x244.google.com (mail-lj1-x244.google.com [IPv6:2a00:1450:4864:20::244]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C39EC061A0C for ; Sat, 18 Apr 2020 13:19:07 -0700 (PDT) Received: by mail-lj1-x244.google.com with SMTP id u6so5717091ljl.6 for ; Sat, 18 Apr 2020 13:19:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=akVZWZipRuuLvNi8D4x2KLm7slZlzXxgE2XA/Tdpt64=; b=iD400bHW6mvKG4xDkAZWXWAmnNIu9HF0Eib92scmcWO7S8mitsmBXIwgnDt15vKKd2 FKalhbV5wIJFiFWSmRnFd2rVPKU60+8mZTXPNzTbqt3BZdgo7FfbVFNgZ2hWWwk2slim 2Ffhwp4qg2NwnNY+yPMSh/YGuhPI2npy/AN5MAhZ3BslOV4C/GDsQW6cicC9vOwUPj3H c12dkeqUhL0mGmnfoQFPIG8gt5aYbbu+F4kOHMo2SJN60xKrmG/EeFY4RE4nbjsSoEIe jwlIwpY4hN2363tb34zwoTDob1tgaNJ79eipgrY3p/CcSiYsxqMxSWR/DgL+atq3o9B1 3BMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=akVZWZipRuuLvNi8D4x2KLm7slZlzXxgE2XA/Tdpt64=; b=R1mBBi2K3+w5dYhZ94To8s7U2ZYz+T1hUj6N9mRsr2xkiGjrkwT7aJo6631sSXRhe7 b+YUYtOPuFtSOouyz7VxpXpd3E7Fp6LSMVZplKsRc6m4e+ccanOcZKgpdFB1OnjiUNbd lzYgOQyqRt5Qq7KqOc9d6CsNVDeKxgg/3496Th3aJdQsxdA3Y9LT9olmKYv8R6hM6zB0 c0XcLOSvwCRo6pIZyaio5bAjObmvZ1+nS3zYJKw/CKHdhZMXiZmc0chAZ0hBcTJiaXq9 V65+YmxxrG3FzDAJ0g/XJEIHsh4xRv44keakfguoroZTDAXmfhWhTLAsRzd5KUzRl1+R pTSg== X-Gm-Message-State: AGi0PuYwuzaU+NQCAzTY15gI4chW2vG3puBi43Wa2QgiNwKSc5j52lNF PDmVEF93Qnx9KKzqL8n0PtwLp+XE X-Google-Smtp-Source: APiQypLPfyQZDUU4mf5zR4Fm7D95owvCgake33+/KRBoZhpR6r4Iqu+OgwYjE8P1RrtZarMcTyt1tQ== X-Received: by 2002:a2e:7610:: with SMTP id r16mr1990818ljc.156.1587241145615; Sat, 18 Apr 2020 13:19:05 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.19.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:19:05 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 3/6] strbuf: use `strbuf_attach()` correctly Date: Sat, 18 Apr 2020 22:18:26 +0200 Message-Id: X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Similar to earlier commits, don't pass in the same value for `len` and `alloc` to `strbuf_attach()`. This string comes from `reencode_string_iconv()` which ensures we have an extra byte at the end. Signed-off-by: Martin Ågren --- strbuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/strbuf.c b/strbuf.c index bb0065ccaf..deb338412e 100644 --- a/strbuf.c +++ b/strbuf.c @@ -152,7 +152,7 @@ int strbuf_reencode(struct strbuf *sb, const char *from, const char *to) if (!out) return -1; - strbuf_attach(sb, out, len, len); + strbuf_attach(sb, out, len, len + 1); return 0; } From patchwork Sat Apr 18 20:18:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496951 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3886714DD for ; Sat, 18 Apr 2020 20:19:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2107822209 for ; Sat, 18 Apr 2020 20:19:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WeqzeGpX" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728277AbgDRUTN (ORCPT ); Sat, 18 Apr 2020 16:19:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56234 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUTM (ORCPT ); Sat, 18 Apr 2020 16:19:12 -0400 Received: from mail-lf1-x141.google.com (mail-lf1-x141.google.com [IPv6:2a00:1450:4864:20::141]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79858C061A0C for ; Sat, 18 Apr 2020 13:19:12 -0700 (PDT) Received: by mail-lf1-x141.google.com with SMTP id 131so4669425lfh.11 for ; Sat, 18 Apr 2020 13:19:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nYMvdEnNs1mIQ+phRpew+SOBmCpz1HTNiCuhFQTchUU=; b=WeqzeGpXXU/POf1qeN0JjObLs9ZdpaP7zbwy+r3PhKeNNrs71NDvlyMicKX/oB0R9M EE3BWghzmBwbBTkN08+RA/ZehxZXmwX8H0iQhj+i34N6rJi3nHBjr43uOjN6aGAR9ANk DMjSBA/G+5Trp3ublvwvAM9yDUqBIysD/EUWpZn4fVSwaypnMUtwxH9BXH+gmJdCmfAH LdUKPyQtwFEtZBvySliLeG3gU6BfRTQQcFuT5y0arEsqWIsKILT8IB/b6Ox+Q8o12DGn PdLhKSh60oDDTb+V24p+ZKh4Il5b5Ba3h1n+ubs5I1QzVfb1d/y0JwF2oTydPtdHuCer S7VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nYMvdEnNs1mIQ+phRpew+SOBmCpz1HTNiCuhFQTchUU=; b=hbslHnzb2rbESmNk7HxtgirAweZCudSTd1Y7LDY1ewzx6SwIRwgLYKYNbaLRhHlRpI dgAA4S9zzh+kGlqEV3nPYDtvU4RDSoWPqSYmxlfTHTj9BKCQP5HemEHqDvdzV192E14R gWBxFN9Ip1xBEK808BFx3h3n6hJ2gTtIJpmqRN4JYOLVIFJeJTWuKwNiMSW8Ce/uQPxX 2asmLtJ8036sB9hgCu0DFSN6z9C1gRa1JuRNOdEHo++8FHT/Ovpog+2fN3SsBoDHFrku lxwktqSHQn39v9BRgfv9cx5wOP17JGVptBbV/KcONDRyVqR2tWCF6igS67lFnSStmB8p IDvw== X-Gm-Message-State: AGi0PuYHFGLrRvAICQQhboiYTtEtaazKuEO4OgUdgT6v2p/+fK4sXojH rcb2u9yhlk10a12cOfwTBj26Pv2S X-Google-Smtp-Source: APiQypIdpHgmYIIcAm6Hp0r7lL5+8XLMW6nqGS4Mq1f4tgEAbF2idP8H5aRW5slyvhgExHQ2lQj6/Q== X-Received: by 2002:ac2:4c89:: with SMTP id d9mr5838688lfl.165.1587241150732; Sat, 18 Apr 2020 13:19:10 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.19.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:19:10 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 4/6] fast-import: avoid awkward use of `strbuf_attach()` Date: Sat, 18 Apr 2020 22:18:27 +0200 Message-Id: <5db92b51c0363694c72b2de0c841449fa4e03f28.1587240635.git.martin.agren@gmail.com> X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org As explained in an earlier commit, per the documentation of `strbuf_attach()`, it is incorrect to pass in the same value for `alloc` as we do for `len`. But, and this was also explained earlier, doing so is still ok-ish because we'll end up allocating a large enough buffer under the hood. But then one really has to wonder whether strbuf_attach(&sb, buf, size, size); is any better than strbuf_reset(&sb); strbuf_add(&sb, buf, size); free(buf); The latter is certainly a lot less subtle about what is going on, and if we're lucky, the strbuf's allocated buffer is large enough that we won't even need to allocate. So let's change to this more explicit form. In short, this commit should not make things any worse. Nearby commits are changing other callsites to pass in a larger 'alloc` parameter. Maybe that's safe here, too -- I admit I don't quite follow where this memory comes from. In the future, we could possibly switch back to `strbuf_attach()` here after looking into the allocations in more detail. The immediate reason for this commit is that we want to simplify the usage of `strbuf_attach()`, and we won't be able to pass in "size, size" any more. Signed-off-by: Martin Ågren --- fast-import.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fast-import.c b/fast-import.c index 202dda11a6..7fd501c5cf 100644 --- a/fast-import.c +++ b/fast-import.c @@ -2946,10 +2946,11 @@ static void cat_blob(struct object_entry *oe, struct object_id *oid) cat_blob_write("\n", 1); if (oe && oe->pack_id == pack_id) { last_blob.offset = oe->idx.offset; - strbuf_attach(&last_blob.data, buf, size, size); + strbuf_reset(&last_blob.data); + strbuf_add(&last_blob.data, buf, size); last_blob.depth = oe->depth; - } else - free(buf); + } + free(buf); } static void parse_get_mark(const char *p) From patchwork Sat Apr 18 20:18:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496953 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B35A214DD for ; Sat, 18 Apr 2020 20:19:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9A717221F7 for ; Sat, 18 Apr 2020 20:19:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Y2OBHLmA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728283AbgDRUTQ (ORCPT ); Sat, 18 Apr 2020 16:19:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUTQ (ORCPT ); Sat, 18 Apr 2020 16:19:16 -0400 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1EB8DC061A0C for ; Sat, 18 Apr 2020 13:19:16 -0700 (PDT) Received: by mail-lj1-x242.google.com with SMTP id z26so5685420ljz.11 for ; Sat, 18 Apr 2020 13:19:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6jd9LgKzoOq+hd7wqtU/p8gY/rWBNQiwrdfRnY+o7Fk=; b=Y2OBHLmAU3tWHy8M7xlOTiYTQaYQn/OrgptlPoQApXwYPUlmtFjpqokwZah+iRCTgQ nYtkNJw7PEOScW1YggPw1yVB9KGcTrbp498k5u98PXRUCEdiKqUWXaCJljs8ZYq3nkLT eHx5KPEb3TB7AOwnPuuQJ1o6jDSnSQgi/Cnl4neWsb+qR2NfXEyUNHs9Jna6kChOeEP9 +5L3OmO3oYKWF5NMgO7NMM+eind1hdlitStMj3WdZtkiPnWzVABorPsPhaEFRVSNdkE9 F0pn+GCOE8In1kJuk9sCn3/bk+8+g5RmH455YxGgKqRlV80zycFgK2QisYCXzAa6hUnb lcFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6jd9LgKzoOq+hd7wqtU/p8gY/rWBNQiwrdfRnY+o7Fk=; b=T5B43l3+hoWuD4nmFZ5dK81zrwYUwenTkm09DuApX1Pc65WIpBoRLT+3ztbxiBU39O NmfobFqQjxZhTMeWiUQrNof3Eik3f+J4Goyjnu9rihNsoMhKusZJQtis5HOj/0GweG3j qHLxaDXuXXtjJzYAGPe+4jM+MhEKuaa3ecc4Tz8UdywsaQPszrebJ8cQoJBk83/fL4B5 BRjmhYx5UcTHSwwjghPe+QOd89LYeEO2MfDvi1X+3Z5rNsNUGqRcBhSZxV5iymI9jfKx y3914kBI/pF50iXxy1VAsIwDUFIlhAVpRsZbQCA2k6t1t0GtodAQdP0p8XBUbyuhj91A MEnw== X-Gm-Message-State: AGi0PuaMgGsTKlXdUaAvcCJTlcRBo0GuCUD4KByzPrYx2f9dUl51cmen f8+8iBVlivBDJv1fmX9dHGCPX2EF X-Google-Smtp-Source: APiQypLcmME2E5SJTKEKTNxgyU9jnUI99uy8BhDLulESS06LWIdOi79AJuufWeVzg0DBGLB6xjkRoQ== X-Received: by 2002:a2e:95d2:: with SMTP id y18mr1116762ljh.65.1587241154428; Sat, 18 Apr 2020 13:19:14 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.19.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:19:13 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 5/6] rerere: avoid awkward use of `strbuf_attach()` Date: Sat, 18 Apr 2020 22:18:28 +0200 Message-Id: X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Similar to the previous commit, avoid passing `strbuf_attach()` the same value for `len` and `alloc` by switching to `strbuf_add()`. This avoids a subtle allocate+copy+free dance in favour of a much more obvious one. Unlike in the previous commit, for this site, I know that it's not safe to pass in "len, len + 1". Trying that makes `strbuf_attach()` write a trailing '\0' at `result.ptr[len]`. Running our test suite with AddressSanitizer will spot an out-of-bounds write due to this. Signed-off-by: Martin Ågren --- rerere.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rerere.c b/rerere.c index 9281131a9f..c3e3714824 100644 --- a/rerere.c +++ b/rerere.c @@ -1007,7 +1007,8 @@ static int handle_cache(struct index_state *istate, else io.io.output = NULL; strbuf_init(&io.input, 0); - strbuf_attach(&io.input, result.ptr, result.size, result.size); + strbuf_add(&io.input, result.ptr, result.size); + free(result.ptr); /* * Grab the conflict ID and optionally write the original From patchwork Sat Apr 18 20:18:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Martin_=C3=85gren?= X-Patchwork-Id: 11496955 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA6FE112C for ; Sat, 18 Apr 2020 20:19:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 97D02221F7 for ; Sat, 18 Apr 2020 20:19:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GHTfWtFG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728287AbgDRUT3 (ORCPT ); Sat, 18 Apr 2020 16:19:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727927AbgDRUT3 (ORCPT ); Sat, 18 Apr 2020 16:19:29 -0400 Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5F48C061A0C for ; Sat, 18 Apr 2020 13:19:28 -0700 (PDT) Received: by mail-lj1-x22c.google.com with SMTP id n6so2348849ljg.12 for ; Sat, 18 Apr 2020 13:19:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fXQtMFHLBfwe2wMAlhVR4+U0+uV8blgB79RLYOhlQCc=; b=GHTfWtFG95wk3cRJ1FBygpLqll8D1i7IGTJXN/KAivukUGE4a1fyZ6p3A4aDTRtfYY wTnbLPwUeIKP01pdXn4STuTuyNrrCNBQuL28SOZhiMARqZrZhmd+56rAVlylgw/fAmC5 F/3Rn201fbRI+DM3Y3H+pKIgnyyKG3Nb0TeDmI4lot2w29VqHZAqkbNIfKYJI1YURLEC tex7oCGQTe2QqfXw0nQGjozSr2LGK50HOGHXQN+kx2zSjefIMJ2uM5qaNCkb5fRhHMFB xlpTC67Ct8pQRfvlgB48RIELWaY2pLn0G6buJZgO7oXBi8LGwgKo8R6LKFZu6oFa+kFE hkbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fXQtMFHLBfwe2wMAlhVR4+U0+uV8blgB79RLYOhlQCc=; b=jB1ThfseuDdl1tZei5KyccfatuagMInEtK+yDSjnq22HNQ2wybYFSX/yf35zspKG+O kGHh4cWbYGSeokU2ffCCzZILQG5LcIGXbqM7mto5Y0uODfLYuIx7slcINNHjYyhusU34 0daS+WZC1IdU54E+vVhHsaDQf1PGByddq2zpxtD3PxDuQgy+2eF81RE6DxzPRGQQW9aL 1b/XgJuH9EpeynFrG0/6JbMKPfPB6TZnMxpcs8oe75c0C1LCB/rQgoYkQxwx3gbboSyZ cJrRSQub9ct4n12hQieZRSVrU08QilfB54fNCQiadv8a1ip16xiaMCMRm5gFCSlM4nQj xtqw== X-Gm-Message-State: AGi0PuaxzqSMWTUMGlJT/vdkMpuGwlySZGHON/0Nisd7rAlXmKDKILsk hVYPFUuNE2hWvpPPm2c17PKJTW+z X-Google-Smtp-Source: APiQypLpfKo42yRlJh/yZGMIDJhsQ3xW/ZCO802VX5G3yd/Ts9t3IYsbj4Ydjx/EoYYuBPskTc/yOQ== X-Received: by 2002:a2e:6a08:: with SMTP id f8mr5847655ljc.8.1587241166895; Sat, 18 Apr 2020 13:19:26 -0700 (PDT) Received: from localhost.localdomain (31-211-229-121.customers.ownit.se. [31.211.229.121]) by smtp.gmail.com with ESMTPSA id 73sm218713ljj.72.2020.04.18.13.19.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2020 13:19:26 -0700 (PDT) From: =?utf-8?q?Martin_=C3=85gren?= To: git@vger.kernel.org Cc: =?utf-8?b?xJBvw6BuIFRy4bqnbiBDw7RuZyBEYW5o?= Subject: [PATCH 6/6] strbuf: simplify `strbuf_attach()` usage Date: Sat, 18 Apr 2020 22:18:29 +0200 Message-Id: X-Mailer: git-send-email 2.26.1 In-Reply-To: References: MIME-Version: 1.0 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org The last few commits have fixed a decent number of call sites that pass in the same value for `alloc` and `len` when attaching a string to a strbuf, despite the documentation being quite clear about this not being ok. As a result, all users currently pass in `len + 1`. Because this interface was used incorrectly (albeit not necessarily insecurely) before, simplify it by making `strbuf_attach()` simply assume that the allocated length is exactly `len + 1`. If and when we do gain one or two call sites that know better, we can either keep on using this pessimistic assumption and it might not actually hurt much, or we could give them a dedicated function similar to the current more flexible (and proven error-prone) `strbuf_attach()`. This means we can drop the call to `strbuf_grow()`. It really only served to do the alloc+copy+free dance that we were supposedly avoiding. That said, we should consider the edge case of `buf == NULL`. Let's check for this and BUG. Even for a zero-length string, you need somewhere to stick the trailing NUL. (Also: If someone used to pass `alloc == len` for the case `len == 0`, we used to end up leaking `buf` on the assumption that we were using `strbuf_slopbuf`. Not the biggest leak ever, but still.) Finally, one might wonder if we could go further and make `strbuf_attach()` call `strlen()`. Some call sites wouldn't mind, but others do have the length already and we might as well use it. Those that don't have the length will figure it out as they call this function. Before this commit, they'd do two calls to `strlen()` so they either didn't care much or they trusted the compiler to optimize for them. They're not any worse off now. Signed-off-by: Martin Ågren --- strbuf.h | 16 ++++++++-------- apply.c | 2 +- archive.c | 2 +- blame.c | 2 +- builtin/am.c | 2 +- convert.c | 4 ++-- imap-send.c | 2 +- mailinfo.c | 2 +- merge-recursive.c | 2 +- path.c | 3 +-- pretty.c | 4 ++-- refs/files-backend.c | 2 +- strbuf.c | 11 +++++++---- trailer.c | 3 +-- 14 files changed, 29 insertions(+), 28 deletions(-) diff --git a/strbuf.h b/strbuf.h index ce8e49c0b2..72dcb43795 100644 --- a/strbuf.h +++ b/strbuf.h @@ -110,14 +110,14 @@ void strbuf_release(struct strbuf *sb); char *strbuf_detach(struct strbuf *sb, size_t *sz); /** - * Attach a string to a buffer. You should specify the string to attach, - * the current length of the string and the amount of allocated memory. - * The amount must be larger than the string length, because the string you - * pass is supposed to be a NUL-terminated string. This string _must_ be - * malloc()ed, and after attaching, the pointer cannot be relied upon - * anymore, and neither be free()d directly. - */ -void strbuf_attach(struct strbuf *sb, void *str, size_t len, size_t mem); + * Attach a string to a buffer. You should specify the string to attach + * and its length. The amount of allocated memory will be assumed to be + * one greater than the length. The string you pass is supposed to be a + * NUL-terminated string. This string _must_ be malloc()ed, and after + * attaching, the pointer cannot be relied upon anymore, nor should it + * be free()d directly. + */ +void strbuf_attach(struct strbuf *sb, void *str, size_t len); /** * Swap the contents of two string buffers. diff --git a/apply.c b/apply.c index 144c19aaca..678cee5535 100644 --- a/apply.c +++ b/apply.c @@ -3251,7 +3251,7 @@ static int read_blob_object(struct strbuf *buf, const struct object_id *oid, uns if (!result) return -1; /* XXX read_sha1_file NUL-terminates */ - strbuf_attach(buf, result, sz, sz + 1); + strbuf_attach(buf, result, sz); } return 0; } diff --git a/archive.c b/archive.c index fb39706120..bef66f8574 100644 --- a/archive.c +++ b/archive.c @@ -89,7 +89,7 @@ void *object_file_to_archive(const struct archiver_args *args, struct strbuf buf = STRBUF_INIT; size_t size = 0; - strbuf_attach(&buf, buffer, *sizep, *sizep + 1); + strbuf_attach(&buf, buffer, *sizep); convert_to_working_tree(args->repo->index, path, buf.buf, buf.len, &buf, &meta); if (commit) format_subst(commit, buf.buf, buf.len, &buf); diff --git a/blame.c b/blame.c index 29770e5c81..64218c2c6e 100644 --- a/blame.c +++ b/blame.c @@ -241,7 +241,7 @@ static struct commit *fake_working_tree_commit(struct repository *r, case S_IFREG: if (opt->flags.allow_textconv && textconv_object(r, read_from, mode, &null_oid, 0, &buf_ptr, &buf_len)) - strbuf_attach(&buf, buf_ptr, buf_len, buf_len + 1); + strbuf_attach(&buf, buf_ptr, buf_len); else if (strbuf_read_file(&buf, read_from, st.st_size) != st.st_size) die_errno("cannot open or read '%s'", read_from); break; diff --git a/builtin/am.c b/builtin/am.c index e6a9fe8111..0986ea4af2 100644 --- a/builtin/am.c +++ b/builtin/am.c @@ -1101,7 +1101,7 @@ static void am_append_signoff(struct am_state *state) { struct strbuf sb = STRBUF_INIT; - strbuf_attach(&sb, state->msg, state->msg_len, state->msg_len + 1); + strbuf_attach(&sb, state->msg, state->msg_len); append_signoff(&sb, 0, 0); state->msg = strbuf_detach(&sb, &state->msg_len); } diff --git a/convert.c b/convert.c index 5aa87d45e3..ee1941c662 100644 --- a/convert.c +++ b/convert.c @@ -467,7 +467,7 @@ static int encode_to_git(const char *path, const char *src, size_t src_len, free(re_src); } - strbuf_attach(buf, dst, dst_len, dst_len + 1); + strbuf_attach(buf, dst, dst_len); return 1; } @@ -492,7 +492,7 @@ static int encode_to_worktree(const char *path, const char *src, size_t src_len, return 0; } - strbuf_attach(buf, dst, dst_len, dst_len + 1); + strbuf_attach(buf, dst, dst_len); return 1; } diff --git a/imap-send.c b/imap-send.c index 6c54d8c29d..b36b9ff62d 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1212,7 +1212,7 @@ static void lf_to_crlf(struct strbuf *msg) new_msg[j++] = '\r'; lastc = new_msg[j++] = msg->buf[i]; } - strbuf_attach(msg, new_msg, j, j + 1); + strbuf_attach(msg, new_msg, j); } /* diff --git a/mailinfo.c b/mailinfo.c index af5d2cad31..cdcb6af8c1 100644 --- a/mailinfo.c +++ b/mailinfo.c @@ -459,7 +459,7 @@ static int convert_to_utf8(struct mailinfo *mi, return error("cannot convert from %s to %s", charset, mi->metainfo_charset); } - strbuf_attach(line, out, strlen(out), strlen(out) + 1); + strbuf_attach(line, out, strlen(out)); return 0; } diff --git a/merge-recursive.c b/merge-recursive.c index d92e2acf1e..5cdd797ada 100644 --- a/merge-recursive.c +++ b/merge-recursive.c @@ -2963,7 +2963,7 @@ static int read_oid_strbuf(struct merge_options *opt, free(buf); return err(opt, _("object %s is not a blob"), oid_to_hex(oid)); } - strbuf_attach(dst, buf, size, size + 1); + strbuf_attach(dst, buf, size); return 0; } diff --git a/path.c b/path.c index 5745a71d36..5474bbd079 100644 --- a/path.c +++ b/path.c @@ -815,8 +815,7 @@ const char *enter_repo(const char *path, int strict) char *newpath = expand_user_path(used_path.buf, 0); if (!newpath) return NULL; - strbuf_attach(&used_path, newpath, strlen(newpath), - strlen(newpath) + 1); + strbuf_attach(&used_path, newpath, strlen(newpath)); } for (i = 0; suffix[i]; i++) { struct stat st; diff --git a/pretty.c b/pretty.c index 28afc701b6..e1abe8ac89 100644 --- a/pretty.c +++ b/pretty.c @@ -590,7 +590,7 @@ static char *replace_encoding_header(char *buf, const char *encoding) return buf; /* should not happen but be defensive */ len = cp + 1 - (buf + start); - strbuf_attach(&tmp, buf, strlen(buf), strlen(buf) + 1); + strbuf_attach(&tmp, buf, strlen(buf)); if (is_encoding_utf8(encoding)) { /* we have re-coded to UTF-8; drop the header */ strbuf_remove(&tmp, start, len); @@ -1687,7 +1687,7 @@ void repo_format_commit_message(struct repository *r, char *out = reencode_string_len(sb->buf, sb->len, output_enc, utf8, &outsz); if (out) - strbuf_attach(sb, out, outsz, outsz + 1); + strbuf_attach(sb, out, outsz); } free(context.commit_encoding); diff --git a/refs/files-backend.c b/refs/files-backend.c index 76bb2ef490..4ce9f2cda4 100644 --- a/refs/files-backend.c +++ b/refs/files-backend.c @@ -1514,7 +1514,7 @@ static int commit_ref(struct ref_lock *lock) size_t len = strlen(path); struct strbuf sb_path = STRBUF_INIT; - strbuf_attach(&sb_path, path, len, len + 1); + strbuf_attach(&sb_path, path, len); /* * If this fails, commit_lock_file() will also fail diff --git a/strbuf.c b/strbuf.c index deb338412e..e74253f91d 100644 --- a/strbuf.c +++ b/strbuf.c @@ -77,13 +77,16 @@ char *strbuf_detach(struct strbuf *sb, size_t *sz) return res; } -void strbuf_attach(struct strbuf *sb, void *buf, size_t len, size_t alloc) +void strbuf_attach(struct strbuf *sb, void *buf, size_t len) { + if (!buf) + BUG("NULL-buffer in strbuf_attach"); + if (unsigned_add_overflows(len, 1)) + die("you want to use way too much memory"); strbuf_release(sb); sb->buf = buf; sb->len = len; - sb->alloc = alloc; - strbuf_grow(sb, 0); + sb->alloc = len + 1; sb->buf[sb->len] = '\0'; } @@ -152,7 +155,7 @@ int strbuf_reencode(struct strbuf *sb, const char *from, const char *to) if (!out) return -1; - strbuf_attach(sb, out, len, len + 1); + strbuf_attach(sb, out, len); return 0; } diff --git a/trailer.c b/trailer.c index 135f71aef1..30bc622723 100644 --- a/trailer.c +++ b/trailer.c @@ -1095,8 +1095,7 @@ void trailer_info_get(struct trailer_info *info, const char *str, for (ptr = trailer_lines; *ptr; ptr++) { if (last && isspace((*ptr)->buf[0])) { struct strbuf sb = STRBUF_INIT; - strbuf_attach(&sb, *last, strlen(*last), - strlen(*last) + 1); + strbuf_attach(&sb, *last, strlen(*last)); strbuf_addbuf(&sb, *ptr); *last = strbuf_detach(&sb, NULL); continue;