diff options
author | Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com> | 2020-03-10 13:11:22 +0000 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2020-03-10 11:41:40 -0700 |
commit | 3d7747e318532a36a263c61cdf92f2decb6424ff (patch) | |
tree | 3d00f009afde0dea8008eb7a40b379c9225023e5 /editor.c | |
parent | set_git_dir: fix crash when used with real_path() (diff) | |
download | tgif-3d7747e318532a36a263c61cdf92f2decb6424ff.tar.xz |
real_path: remove unsafe API
Returning a shared buffer invites very subtle bugs due to reentrancy or
multi-threading, as demonstrated by the previous patch.
There was an unfinished effort to abolish this [1].
Let's finally rid of `real_path()`, using `strbuf_realpath()` instead.
This patch uses a local `strbuf` for most places where `real_path()` was
previously called.
However, two places return the value of `real_path()` to the caller. For
them, a `static` local `strbuf` was added, effectively pushing the
problem one level higher:
read_gitfile_gently()
get_superproject_working_tree()
[1] https://lore.kernel.org/git/1480964316-99305-1-git-send-email-bmwill@google.com/
Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'editor.c')
-rw-r--r-- | editor.c | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -54,7 +54,8 @@ static int launch_specified_editor(const char *editor, const char *path, return error("Terminal is dumb, but EDITOR unset"); if (strcmp(editor, ":")) { - const char *args[] = { editor, real_path(path), NULL }; + struct strbuf realpath = STRBUF_INIT; + const char *args[] = { editor, NULL, NULL }; struct child_process p = CHILD_PROCESS_INIT; int ret, sig; int print_waiting_for_editor = advice_waiting_for_editor && isatty(2); @@ -75,16 +76,22 @@ static int launch_specified_editor(const char *editor, const char *path, fflush(stderr); } + strbuf_realpath(&realpath, path, 1); + args[1] = realpath.buf; + p.argv = args; p.env = env; p.use_shell = 1; p.trace2_child_class = "editor"; - if (start_command(&p) < 0) + if (start_command(&p) < 0) { + strbuf_release(&realpath); return error("unable to start editor '%s'", editor); + } sigchain_push(SIGINT, SIG_IGN); sigchain_push(SIGQUIT, SIG_IGN); ret = finish_command(&p); + strbuf_release(&realpath); sig = ret - 128; sigchain_pop(SIGINT); sigchain_pop(SIGQUIT); |