From 3ffefb54c0515308ceafb6ba071567d9fd379498 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 10 Jun 2014 17:36:52 -0400 Subject: commit_tree: take a pointer/len pair rather than a const strbuf While strbufs are pretty common throughout our code, it is more flexible for functions to take a pointer/len pair than a strbuf. It's easy to turn a strbuf into such a pair (by dereferencing its members), but less easy to go the other way (you can strbuf_attach, but that has implications about memory ownership). This patch teaches commit_tree (and its associated callers and sub-functions) to take such a pair for the commit message rather than a strbuf. This makes passing the buffer around slightly more verbose, but means we can get rid of some dangerous strbuf_attach calls in the next patch. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- notes-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'notes-cache.c') diff --git a/notes-cache.c b/notes-cache.c index eabe4a0d9b..9d27b66ebc 100644 --- a/notes-cache.c +++ b/notes-cache.c @@ -59,7 +59,7 @@ int notes_cache_write(struct notes_cache *c) return -1; strbuf_attach(&msg, c->validity, strlen(c->validity), strlen(c->validity) + 1); - if (commit_tree(&msg, tree_sha1, NULL, commit_sha1, NULL, NULL) < 0) + if (commit_tree(msg.buf, msg.len, tree_sha1, NULL, commit_sha1, NULL, NULL) < 0) return -1; if (update_ref("update notes cache", c->tree.ref, commit_sha1, NULL, 0, QUIET_ON_ERR) < 0) -- cgit v1.2.1 From e6dfcd6767a58816dacec0df39515803b267fbe6 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 10 Jun 2014 17:38:38 -0400 Subject: replace dangerous uses of strbuf_attach It is not a good idea to strbuf_attach an arbitrary pointer just because a function you are calling wants a strbuf. Attaching implies a transfer of memory ownership; if anyone were to modify or release the resulting strbuf, we would free() the pointer, leading to possible problems: 1. Other users of the original pointer might access freed memory. 2. The pointer might not be the start of a malloc'd area, so calling free() on it in the first place would be wrong. In the two cases modified here, we are fortunate that nobody touches the strbuf once it is attached, but it is an accident waiting to happen. Since the previous commit, commit_tree and friends take a pointer/buf pair, so we can just do away with the strbufs entirely. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- notes-cache.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'notes-cache.c') diff --git a/notes-cache.c b/notes-cache.c index 9d27b66ebc..25b20aa21f 100644 --- a/notes-cache.c +++ b/notes-cache.c @@ -48,7 +48,6 @@ int notes_cache_write(struct notes_cache *c) { unsigned char tree_sha1[20]; unsigned char commit_sha1[20]; - struct strbuf msg = STRBUF_INIT; if (!c || !c->tree.initialized || !c->tree.ref || !*c->tree.ref) return -1; @@ -57,9 +56,8 @@ int notes_cache_write(struct notes_cache *c) if (write_notes_tree(&c->tree, tree_sha1)) return -1; - strbuf_attach(&msg, c->validity, - strlen(c->validity), strlen(c->validity) + 1); - if (commit_tree(msg.buf, msg.len, tree_sha1, NULL, commit_sha1, NULL, NULL) < 0) + if (commit_tree(c->validity, strlen(c->validity), tree_sha1, NULL, + commit_sha1, NULL, NULL) < 0) return -1; if (update_ref("update notes cache", c->tree.ref, commit_sha1, NULL, 0, QUIET_ON_ERR) < 0) -- cgit v1.2.1