diff options
| author | Jeff King <peff@peff.net> | 2015-06-30 13:26:53 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-07-21 05:17:06 (GMT) |
| commit | e4f031e34b08e3217c10942e682920a6939308a0 (patch) | |
| tree | 7988cf4a7edab0ed17a16a5be99f1a044821a284 /strbuf.c | |
| parent | aa1462cc3d3b0c4c8ad6a60aaf31e0f3a424162d (diff) | |
| download | git-e4f031e34b08e3217c10942e682920a6939308a0.zip git-e4f031e34b08e3217c10942e682920a6939308a0.tar.gz git-e4f031e34b08e3217c10942e682920a6939308a0.tar.bz2 | |
strbuf: make strbuf_addftime more robust
The return value of strftime is poorly designed; when it
returns 0, the caller cannot tell if the buffer was not
large enough, or if the output was actually 0 bytes. In the
original implementation of strbuf_addftime, we simply punted
and guessed that our 128-byte hint would be large enough.
We can do better, though, if we're willing to treat strftime
like less of a black box. We can munge the incoming format
to make sure that it never produces 0-length output, and
then "fix" the resulting output. That lets us reliably grow
the buffer based on strftime's return value.
Clever-idea-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'strbuf.c')
| -rw-r--r-- | strbuf.c | 38 |
1 files changed, 21 insertions, 17 deletions
@@ -712,29 +712,33 @@ char *xstrfmt(const char *fmt, ...) void strbuf_addftime(struct strbuf *sb, const char *fmt, const struct tm *tm) { + size_t hint = 128; size_t len; - /* - * strftime reports "0" if it could not fit the result in the buffer. - * Unfortunately, it also reports "0" if the requested time string - * takes 0 bytes. So if we were to probe and grow, we have to choose - * some arbitrary cap beyond which we guess that the format probably - * just results in a 0-length output. Since we have to choose some - * reasonable cap anyway, and since it is not that big, we may - * as well just grow to their in the first place. - */ - strbuf_grow(sb, 128); + if (!*fmt) + return; + + strbuf_grow(sb, hint); len = strftime(sb->buf + sb->len, sb->alloc - sb->len, fmt, tm); if (!len) { /* - * Either we failed, or the format actually produces a 0-length - * output. There's not much we can do, so we leave it blank. - * However, the output array is left in an undefined state, so - * we must re-assert our NUL terminator. + * strftime reports "0" if it could not fit the result in the buffer. + * Unfortunately, it also reports "0" if the requested time string + * takes 0 bytes. So our strategy is to munge the format so that the + * output contains at least one character, and then drop the extra + * character before returning. */ - sb->buf[sb->len] = '\0'; - } else { - sb->len += len; + struct strbuf munged_fmt = STRBUF_INIT; + strbuf_addf(&munged_fmt, "%s ", fmt); + while (!len) { + hint *= 2; + strbuf_grow(sb, hint); + len = strftime(sb->buf + sb->len, sb->alloc - sb->len, + munged_fmt.buf, tm); + } + strbuf_release(&munged_fmt); + len--; /* drop munged space */ } + strbuf_setlen(sb, sb->len + len); } |