summaryrefslogtreecommitdiff
path: root/editor.c
diff options
context:
space:
mode:
authorAlexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>2020-03-10 13:11:22 (GMT)
committerJunio C Hamano <gitster@pobox.com>2020-03-10 18:41:40 (GMT)
commit3d7747e318532a36a263c61cdf92f2decb6424ff (patch)
tree3d00f009afde0dea8008eb7a40b379c9225023e5 /editor.c
parent0915a5b4cdf00a8c6c755b77b854725a183993b4 (diff)
downloadgit-3d7747e318532a36a263c61cdf92f2decb6424ff.zip
git-3d7747e318532a36a263c61cdf92f2decb6424ff.tar.gz
git-3d7747e318532a36a263c61cdf92f2decb6424ff.tar.bz2
real_path: remove unsafe API
Returning a shared buffer invites very subtle bugs due to reentrancy or multi-threading, as demonstrated by the previous patch. There was an unfinished effort to abolish this [1]. Let's finally rid of `real_path()`, using `strbuf_realpath()` instead. This patch uses a local `strbuf` for most places where `real_path()` was previously called. However, two places return the value of `real_path()` to the caller. For them, a `static` local `strbuf` was added, effectively pushing the problem one level higher: read_gitfile_gently() get_superproject_working_tree() [1] https://lore.kernel.org/git/1480964316-99305-1-git-send-email-bmwill@google.com/ Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'editor.c')
-rw-r--r--editor.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/editor.c b/editor.c
index f079abb..91989ee 100644
--- a/editor.c
+++ b/editor.c
@@ -54,7 +54,8 @@ static int launch_specified_editor(const char *editor, const char *path,
return error("Terminal is dumb, but EDITOR unset");
if (strcmp(editor, ":")) {
- const char *args[] = { editor, real_path(path), NULL };
+ struct strbuf realpath = STRBUF_INIT;
+ const char *args[] = { editor, NULL, NULL };
struct child_process p = CHILD_PROCESS_INIT;
int ret, sig;
int print_waiting_for_editor = advice_waiting_for_editor && isatty(2);
@@ -75,16 +76,22 @@ static int launch_specified_editor(const char *editor, const char *path,
fflush(stderr);
}
+ strbuf_realpath(&realpath, path, 1);
+ args[1] = realpath.buf;
+
p.argv = args;
p.env = env;
p.use_shell = 1;
p.trace2_child_class = "editor";
- if (start_command(&p) < 0)
+ if (start_command(&p) < 0) {
+ strbuf_release(&realpath);
return error("unable to start editor '%s'", editor);
+ }
sigchain_push(SIGINT, SIG_IGN);
sigchain_push(SIGQUIT, SIG_IGN);
ret = finish_command(&p);
+ strbuf_release(&realpath);
sig = ret - 128;
sigchain_pop(SIGINT);
sigchain_pop(SIGQUIT);