https://github.com/git/git
Revision a5bb10fd5e74101e7c07da93e7c32bbe60f6173a authored by Taylor Blau on 06 April 2023, 18:07:58 UTC, committed by Johannes Schindelin on 17 April 2023, 19:15:40 UTC
When renaming (or deleting) a section of configuration, Git uses the function `git_config_copy_or_rename_section_in_file()` to rewrite the configuration file after applying the rename or deletion to the given section. To do this, Git repeatedly calls `fgets()` to read the existing configuration data into a fixed size buffer. When the configuration value under `old_name` exceeds the size of the buffer, we will call `fgets()` an additional time even if there is no newline in the configuration file, since our read length is capped at `sizeof(buf)`. If the first character of the buffer (after zero or more characters satisfying `isspace()`) is a '[', Git will incorrectly treat it as beginning a new section when the original section is being removed. In other words, a configuration value satisfying this criteria can incorrectly be considered as a new secftion instead of a variable in the original section. Avoid this issue by using a variable-width buffer in the form of a strbuf rather than a fixed-with region on the stack. A couple of small points worth noting: - Using a strbuf will cause us to allocate arbitrary sizes to match the length of each line. In practice, we don't expect any reasonable configuration files to have lines that long, and a bandaid will be introduced in a later patch to ensure that this is the case. - We are using strbuf_getwholeline() here instead of strbuf_getline() in order to match `fgets()`'s behavior of leaving the trailing LF character on the buffer (as well as a trailing NUL). This could be changed later, but using strbuf_getwholeline() changes the least about this function's implementation, so it is picked as the safest path. - It is temping to want to replace the loop to skip over characters matching isspace() at the beginning of the buffer with a convenience function like `strbuf_ltrim()`. But this is the wrong approach for a couple of reasons: First, it involves a potentially large and expensive `memmove()` which we would like to avoid. Second, and more importantly, we also *do* want to preserve those spaces to avoid changing the output of other sections. In all, this patch is a minimal replacement of the fixed-width buffer in `git_config_copy_or_rename_section_in_file()` to instead use a `struct strbuf`. Reported-by: André Baptista <andre@ethiack.com> Reported-by: Vítor Pinho <vitor@ethiack.com> Helped-by: Patrick Steinhardt <ps@pks.im> Co-authored-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Taylor Blau <me@ttaylorr.com>
1 parent 2919821
Tip revision: a5bb10fd5e74101e7c07da93e7c32bbe60f6173a authored by Taylor Blau on 06 April 2023, 18:07:58 UTC
config: avoid fixed-sized buffer when renaming/deleting a section
config: avoid fixed-sized buffer when renaming/deleting a section
Tip revision: a5bb10f
json-writer.c
#include "cache.h"
#include "json-writer.h"
void jw_init(struct json_writer *jw)
{
strbuf_init(&jw->json, 0);
strbuf_init(&jw->open_stack, 0);
jw->need_comma = 0;
jw->pretty = 0;
}
void jw_release(struct json_writer *jw)
{
strbuf_release(&jw->json);
strbuf_release(&jw->open_stack);
}
/*
* Append JSON-quoted version of the given string to 'out'.
*/
static void append_quoted_string(struct strbuf *out, const char *in)
{
unsigned char c;
strbuf_addch(out, '"');
while ((c = *in++) != '\0') {
if (c == '"')
strbuf_addstr(out, "\\\"");
else if (c == '\\')
strbuf_addstr(out, "\\\\");
else if (c == '\n')
strbuf_addstr(out, "\\n");
else if (c == '\r')
strbuf_addstr(out, "\\r");
else if (c == '\t')
strbuf_addstr(out, "\\t");
else if (c == '\f')
strbuf_addstr(out, "\\f");
else if (c == '\b')
strbuf_addstr(out, "\\b");
else if (c < 0x20)
strbuf_addf(out, "\\u%04x", c);
else
strbuf_addch(out, c);
}
strbuf_addch(out, '"');
}
static void indent_pretty(struct json_writer *jw)
{
int k;
for (k = 0; k < jw->open_stack.len; k++)
strbuf_addstr(&jw->json, " ");
}
/*
* Begin an object or array (either top-level or nested within the currently
* open object or array).
*/
static void begin(struct json_writer *jw, char ch_open, int pretty)
{
jw->pretty = pretty;
strbuf_addch(&jw->json, ch_open);
strbuf_addch(&jw->open_stack, ch_open);
jw->need_comma = 0;
}
/*
* Assert that the top of the open-stack is an object.
*/
static void assert_in_object(const struct json_writer *jw, const char *key)
{
if (!jw->open_stack.len)
BUG("json-writer: object: missing jw_object_begin(): '%s'", key);
if (jw->open_stack.buf[jw->open_stack.len - 1] != '{')
BUG("json-writer: object: not in object: '%s'", key);
}
/*
* Assert that the top of the open-stack is an array.
*/
static void assert_in_array(const struct json_writer *jw)
{
if (!jw->open_stack.len)
BUG("json-writer: array: missing jw_array_begin()");
if (jw->open_stack.buf[jw->open_stack.len - 1] != '[')
BUG("json-writer: array: not in array");
}
/*
* Add comma if we have already seen a member at this level.
*/
static void maybe_add_comma(struct json_writer *jw)
{
if (jw->need_comma)
strbuf_addch(&jw->json, ',');
else
jw->need_comma = 1;
}
static void fmt_double(struct json_writer *jw, int precision,
double value)
{
if (precision < 0) {
strbuf_addf(&jw->json, "%f", value);
} else {
struct strbuf fmt = STRBUF_INIT;
strbuf_addf(&fmt, "%%.%df", precision);
strbuf_addf(&jw->json, fmt.buf, value);
strbuf_release(&fmt);
}
}
static void object_common(struct json_writer *jw, const char *key)
{
assert_in_object(jw, key);
maybe_add_comma(jw);
if (jw->pretty) {
strbuf_addch(&jw->json, '\n');
indent_pretty(jw);
}
append_quoted_string(&jw->json, key);
strbuf_addch(&jw->json, ':');
if (jw->pretty)
strbuf_addch(&jw->json, ' ');
}
static void array_common(struct json_writer *jw)
{
assert_in_array(jw);
maybe_add_comma(jw);
if (jw->pretty) {
strbuf_addch(&jw->json, '\n');
indent_pretty(jw);
}
}
/*
* Assert that the given JSON object or JSON array has been properly
* terminated. (Has closing bracket.)
*/
static void assert_is_terminated(const struct json_writer *jw)
{
if (jw->open_stack.len)
BUG("json-writer: object: missing jw_end(): '%s'",
jw->json.buf);
}
void jw_object_begin(struct json_writer *jw, int pretty)
{
begin(jw, '{', pretty);
}
void jw_object_string(struct json_writer *jw, const char *key, const char *value)
{
object_common(jw, key);
append_quoted_string(&jw->json, value);
}
void jw_object_intmax(struct json_writer *jw, const char *key, intmax_t value)
{
object_common(jw, key);
strbuf_addf(&jw->json, "%"PRIdMAX, value);
}
void jw_object_double(struct json_writer *jw, const char *key, int precision,
double value)
{
object_common(jw, key);
fmt_double(jw, precision, value);
}
void jw_object_true(struct json_writer *jw, const char *key)
{
object_common(jw, key);
strbuf_addstr(&jw->json, "true");
}
void jw_object_false(struct json_writer *jw, const char *key)
{
object_common(jw, key);
strbuf_addstr(&jw->json, "false");
}
void jw_object_bool(struct json_writer *jw, const char *key, int value)
{
if (value)
jw_object_true(jw, key);
else
jw_object_false(jw, key);
}
void jw_object_null(struct json_writer *jw, const char *key)
{
object_common(jw, key);
strbuf_addstr(&jw->json, "null");
}
static void increase_indent(struct strbuf *sb,
const struct json_writer *jw,
int indent)
{
int k;
strbuf_reset(sb);
for (k = 0; k < jw->json.len; k++) {
char ch = jw->json.buf[k];
strbuf_addch(sb, ch);
if (ch == '\n')
strbuf_addchars(sb, ' ', indent);
}
}
static void kill_indent(struct strbuf *sb,
const struct json_writer *jw)
{
int k;
int eat_it = 0;
strbuf_reset(sb);
for (k = 0; k < jw->json.len; k++) {
char ch = jw->json.buf[k];
if (eat_it && ch == ' ')
continue;
if (ch == '\n') {
eat_it = 1;
continue;
}
eat_it = 0;
strbuf_addch(sb, ch);
}
}
static void append_sub_jw(struct json_writer *jw,
const struct json_writer *value)
{
/*
* If both are pretty, increase the indentation of the sub_jw
* to better fit under the super.
*
* If the super is pretty, but the sub_jw is compact, leave the
* sub_jw compact. (We don't want to parse and rebuild the sub_jw
* for this debug-ish feature.)
*
* If the super is compact, and the sub_jw is pretty, convert
* the sub_jw to compact.
*
* If both are compact, keep the sub_jw compact.
*/
if (jw->pretty && jw->open_stack.len && value->pretty) {
struct strbuf sb = STRBUF_INIT;
increase_indent(&sb, value, jw->open_stack.len * 2);
strbuf_addbuf(&jw->json, &sb);
strbuf_release(&sb);
return;
}
if (!jw->pretty && value->pretty) {
struct strbuf sb = STRBUF_INIT;
kill_indent(&sb, value);
strbuf_addbuf(&jw->json, &sb);
strbuf_release(&sb);
return;
}
strbuf_addbuf(&jw->json, &value->json);
}
/*
* Append existing (properly terminated) JSON sub-data (object or array)
* as-is onto the given JSON data.
*/
void jw_object_sub_jw(struct json_writer *jw, const char *key,
const struct json_writer *value)
{
assert_is_terminated(value);
object_common(jw, key);
append_sub_jw(jw, value);
}
void jw_object_inline_begin_object(struct json_writer *jw, const char *key)
{
object_common(jw, key);
jw_object_begin(jw, jw->pretty);
}
void jw_object_inline_begin_array(struct json_writer *jw, const char *key)
{
object_common(jw, key);
jw_array_begin(jw, jw->pretty);
}
void jw_array_begin(struct json_writer *jw, int pretty)
{
begin(jw, '[', pretty);
}
void jw_array_string(struct json_writer *jw, const char *value)
{
array_common(jw);
append_quoted_string(&jw->json, value);
}
void jw_array_intmax(struct json_writer *jw, intmax_t value)
{
array_common(jw);
strbuf_addf(&jw->json, "%"PRIdMAX, value);
}
void jw_array_double(struct json_writer *jw, int precision, double value)
{
array_common(jw);
fmt_double(jw, precision, value);
}
void jw_array_true(struct json_writer *jw)
{
array_common(jw);
strbuf_addstr(&jw->json, "true");
}
void jw_array_false(struct json_writer *jw)
{
array_common(jw);
strbuf_addstr(&jw->json, "false");
}
void jw_array_bool(struct json_writer *jw, int value)
{
if (value)
jw_array_true(jw);
else
jw_array_false(jw);
}
void jw_array_null(struct json_writer *jw)
{
array_common(jw);
strbuf_addstr(&jw->json, "null");
}
void jw_array_sub_jw(struct json_writer *jw, const struct json_writer *value)
{
assert_is_terminated(value);
array_common(jw);
append_sub_jw(jw, value);
}
void jw_array_argc_argv(struct json_writer *jw, int argc, const char **argv)
{
int k;
for (k = 0; k < argc; k++)
jw_array_string(jw, argv[k]);
}
void jw_array_argv(struct json_writer *jw, const char **argv)
{
while (*argv)
jw_array_string(jw, *argv++);
}
void jw_array_inline_begin_object(struct json_writer *jw)
{
array_common(jw);
jw_object_begin(jw, jw->pretty);
}
void jw_array_inline_begin_array(struct json_writer *jw)
{
array_common(jw);
jw_array_begin(jw, jw->pretty);
}
int jw_is_terminated(const struct json_writer *jw)
{
return !jw->open_stack.len;
}
void jw_end(struct json_writer *jw)
{
char ch_open;
int len;
if (!jw->open_stack.len)
BUG("json-writer: too many jw_end(): '%s'", jw->json.buf);
len = jw->open_stack.len - 1;
ch_open = jw->open_stack.buf[len];
strbuf_setlen(&jw->open_stack, len);
jw->need_comma = 1;
if (jw->pretty) {
strbuf_addch(&jw->json, '\n');
indent_pretty(jw);
}
if (ch_open == '{')
strbuf_addch(&jw->json, '}');
else
strbuf_addch(&jw->json, ']');
}
Computing file changes ...