From f5b4dc7668b6c8d71432af9f9ddad6f7c62d284e Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 5 Sep 2017 08:14:40 -0400 Subject: tempfile: handle NULL tempfile pointers gracefully The tempfile functions all take pointers to tempfile objects, but do not check whether the argument is NULL. This isn't a big deal in practice, since the lifetime of any tempfile object is defined to last for the whole program. So even if we try to call delete_tempfile() on an already-deleted tempfile, our "active" check will tell us that it's a noop. In preparation for transitioning to a new system that loosens the "tempfile objects can never be freed" rule, let's tighten up our active checks: 1. A NULL pointer is now defined as "inactive" (so it will BUG for most functions, but works as a silent noop for things like delete_tempfile). 2. Functions should always do the "active" check before looking at any of the struct fields. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- tempfile.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'tempfile.c') diff --git a/tempfile.c b/tempfile.c index 964c66d504..861f817133 100644 --- a/tempfile.c +++ b/tempfile.c @@ -236,13 +236,15 @@ FILE *get_tempfile_fp(struct tempfile *tempfile) int close_tempfile_gently(struct tempfile *tempfile) { - int fd = tempfile->fd; - FILE *fp = tempfile->fp; + int fd; + FILE *fp; int err; - if (fd < 0) + if (!is_tempfile_active(tempfile) || tempfile->fd < 0) return 0; + fd = tempfile->fd; + fp = tempfile->fp; tempfile->fd = -1; if (fp) { tempfile->fp = NULL; @@ -262,10 +264,10 @@ int close_tempfile_gently(struct tempfile *tempfile) int reopen_tempfile(struct tempfile *tempfile) { - if (0 <= tempfile->fd) - die("BUG: reopen_tempfile called for an open object"); if (!is_tempfile_active(tempfile)) die("BUG: reopen_tempfile called for an inactive object"); + if (0 <= tempfile->fd) + die("BUG: reopen_tempfile called for an open object"); tempfile->fd = open(tempfile->filename.buf, O_WRONLY); return tempfile->fd; } -- cgit v1.2.1