Re: [PATCH] strbuf_read_file(): preserve errno across close() call
On Fri, Feb 23, 2018 at 10:00:24PM +0100, René Scharfe wrote: > How about adding a stealthy close_no_errno(), or do something like the > following to get shorter and more readable code? (We could also keep > a single close() call, but would then set errno even on success.) > [...] > @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t > hint) > > if (got < 0) { > if (oldalloc == 0) > - strbuf_release(sb); > + IGNORE_ERROR(strbuf_release(sb)); > else > strbuf_setlen(sb, oldlen); > return -1; I dunno, that may be crossing the line of "too magical". I had envisioned something like: diff --git a/strbuf.c b/strbuf.c index 5f138ed3c8..0790dd7bcb 100644 --- a/strbuf.c +++ b/strbuf.c @@ -365,6 +365,14 @@ void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src) } } +/* release, but preserve errno */ +static void strbuf_release_careful(struct strbuf *sb) +{ + int saved_errno = errno; + strbuf_release(sb); + errno = saved_errno; +} + size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f) { size_t res; @@ -375,7 +383,7 @@ size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f) if (res > 0) strbuf_setlen(sb, sb->len + res); else if (oldalloc == 0) - strbuf_release(sb); + strbuf_release_careful(sb); return res; } @@ -391,7 +399,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t hint) if (got < 0) { if (oldalloc == 0) - strbuf_release(sb); + strbuf_release_careful(sb); else strbuf_setlen(sb, oldlen); return -1; @@ -416,7 +424,7 @@ ssize_t strbuf_read_once(struct strbuf *sb, int fd, size_t hint) if (cnt > 0) strbuf_setlen(sb, sb->len + cnt); else if (oldalloc == 0) - strbuf_release(sb); + strbuf_release_careful(sb); return cnt; } 
@@ -482,7 +490,7 @@ int strbuf_getcwd(struct strbuf *sb) break; } if (oldalloc == 0) - strbuf_release(sb); + strbuf_release_careful(sb); else strbuf_reset(sb); return -1; but that solution is definitely very specific to these cases. I also had a feeling I should be able to shove the "oldalloc" logic into the helper, too, but there are too many different behaviors in the "else" block. -Peff
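Review bot: In the hunk that adds strbuf_release_careful(), neither the name nor the one-line comment says what the function is careful about or why. Suggest naming it for its effect (for example strbuf_release_keep_errno) and extending the comment to say that the free() done by strbuf_release() may modify errno, so error paths that return -1 right afterwards still report the original failure.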
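Review bot: In the strbuf_fread() hunk, res is a size_t, so the else branch runs whenever res == 0, which covers a clean end-of-file as well as a read error. Preserving errno there keeps whatever value was present before the call, so a short comment that errno is only meaningful once the caller has confirmed an error on f would keep callers from reporting a stale value.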
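Review bot: In the strbuf_getcwd() hunk only the oldalloc == 0 branch is protected; the else branch still calls strbuf_reset(sb) directly before return -1. That is correct only while strbuf_reset() never touches errno, so either state that assumption in a comment or save and restore errno once around the whole if/else.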
Re: [PATCH] strbuf_read_file(): preserve errno across close() call
On 23.02.2018 at 23:17, Junio C Hamano wrote: > René Scharfe writes: > >> +#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while >> (0) > > The macro certainly is a cute idea, but ... 
> >> @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t >> hint) >> >> if (got < 0) { >> if (oldalloc == 0) >> -strbuf_release(sb); >> +IGNORE_ERROR(strbuf_release(sb)); >> else >> strbuf_setlen(sb, oldlen); >> return -1; > > ... ideally, I would imagine that we wish we could write this hunk > to something that expands to: > > if (got < 0) { > do { > int e_ = errno; > if (oldalloc == 0) > strbuf_release(sb); > else > strbuf_setlen(sb, oldlen); > errno = e_; > } while (0); > return -1; > > no? That is (1) we do not want to rely too much on knowing that > strbuf_setlen() is very thin and does not touch errno, and hence (2) > we want to mark not just a single expr but a block as "we know we > got an error and errno from that error is more precious than what we > do in this block to clean things up". Relying on that internal knowledge should be OK in strbuf.c, but in this specific example we could of course do: if (oldalloc == 0) IGNORE_ERROR(strbuf_release(sb)); else IGNORE_ERROR(strbuf_setlen(sb, oldlen)); I guess ignoring errors of whole blocks is not that common, based on a quick search (git grep -W int.*_errno). And in such a case we could factor that code out into a separate function, if really needed. Or continue saving errno explicitly. Compilers should be smart enough to avoid saving and restoring errno between multiple uses of that macro, e.g. code like this would only do it once, from what I saw when experimenting with the Compiler Explorer (https://godbolt.org/): IGNORE_ERROR(close(fd1)); IGNORE_ERROR(close(fd2)); > Of course, a pair of macros > > #define IGNORE_ERROR_BEGIN do { int e_ = errno > #define IGNORE_ERROR_END errno = e_; } while (0) > > is probably the only way to do so in C, and that is already too ugly > to live, so we cannot achieve the ideal. > > So I dunno.. *shudder* 
> >> @@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char >> *path, size_t hint) >> if (fd < 0) >> return -1; >> len = strbuf_read(sb, fd, hint); >> -close(fd); >> -if (len < 0) >> +if (len < 0) { >> +IGNORE_ERROR(close(fd)); >> return -1; >> +} >> +close(fd); >> >> return len; >> }
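The "factor that code out into a separate function" option from the reply above, as an added example that is not part of the original thread or of git's code. The function names, the scratch path and the use of "." as an unreadable input are all constructed for the illustration; a failing unlink() stands in for any cleanup step that overwrites errno.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Constructed path that never exists, so unlink() reliably fails with ENOENT. */
#define SCRATCH_PATH "/nonexistent-dir-for-example/scratch.tmp"

/* Multi-step error-path cleanup; any step may overwrite errno. */
static void cleanup_block(int fd)
{
    close(fd);
    unlink(SCRATCH_PATH);   /* fails and sets errno = ENOENT */
}

/* The whole block wrapped once: errno on return equals errno on entry. */
static void cleanup_block_keep_errno(int fd)
{
    int saved_errno = errno;

    cleanup_block(fd);
    errno = saved_errno;
}

/*
 * Try to read one byte from path. Returns 0 on success, otherwise the errno
 * value a caller would report after the cleanup has run. The preserve flag
 * selects which cleanup variant is used on the error path.
 */
static int errno_after_failed_read(const char *path, int preserve)
{
    char byte;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return errno;
    if (read(fd, &byte, 1) < 0) {
        if (preserve)
            cleanup_block_keep_errno(fd);
        else
            cleanup_block(fd);
        return errno;
    }
    close(fd);
    return 0;
}

int main(void)
{
    /* "." is a directory, so read() fails with EISDIR. */
    int clobbered = errno_after_failed_read(".", 0);
    int kept = errno_after_failed_read(".", 1);

    return !(clobbered == ENOENT && kept == EISDIR);
}
```

With the unwrapped cleanup the caller would report "No such file or directory" for a path that exists; with the wrapped block it reports the read failure.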
Re: [PATCH] strbuf_read_file(): preserve errno across close() call
René Scharfe writes: > +#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while (0) The macro certainly is a cute idea, but ... > @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t > hint) > > if (got < 0) { > if (oldalloc == 0) > - strbuf_release(sb); > + IGNORE_ERROR(strbuf_release(sb)); > else > strbuf_setlen(sb, oldlen); > return -1; ... ideally, I would imagine that we wish we could write this hunk to something that expands to: if (got < 0) { do { int e_ = errno; if (oldalloc == 0) strbuf_release(sb); else strbuf_setlen(sb, oldlen); errno = e_; } while (0); return -1; no? That is (1) we do not want to rely too much on knowing that strbuf_setlen() is very thin and does not touch errno, and hence (2) we want to mark not just a single expr but a block as "we know we got an error and errno from that error is more precious than what we do in this block to clean things up". Of course, a pair of macros #define IGNORE_ERROR_BEGIN do { int e_ = errno #define IGNORE_ERROR_END errno = e_; } while (0) is probably the only way to do so in C, and that is already too ugly to live, so we cannot achieve the ideal. So I dunno.. > @@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char > *path, size_t hint) > if (fd < 0) > return -1; > len = strbuf_read(sb, fd, hint); > - close(fd); > - if (len < 0) > + if (len < 0) { > + IGNORE_ERROR(close(fd)); > return -1; > + } > + close(fd); > > return len; > }
Re: [PATCH] strbuf_read_file(): preserve errno across close() call
On 23.02.2018 at 08:00, Jeff King wrote: > On Fri, Feb 23, 2018 at 01:49:52AM -0500, Jeff King wrote: > Subject: [PATCH] strbuf_read_file(): preserve errno across close() call > > If we encounter a read error, the user may want to report it > by looking at errno. However, our close() call may clobber > errno, leading to confusing results. Let's save and restore > it in the error case. Good idea. > Signed-off-by: Jeff King <p...@peff.net> > --- > strbuf.c | 6 +- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/strbuf.c b/strbuf.c > index 1df674e919..5f138ed3c8 100644 > --- a/strbuf.c > +++ b/strbuf.c > @@ -612,14 +612,18 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char > *path, size_t hint) > { > int fd; > ssize_t len; > + int saved_errno; > > fd = open(path, O_RDONLY); > if (fd < 0) > return -1; > len = strbuf_read(sb, fd, hint); > + saved_errno = errno; > close(fd); > - if (len < 0) > + if (len < 0) { > + errno = saved_errno; > return -1; > + } > > return len; > } How about adding a stealthy close_no_errno(), or do something like the following to get shorter and more readable code? (We could also keep a single close() call, but would then set errno even on success.) --- strbuf.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/strbuf.c b/strbuf.c index 1df674e919..c0066b1db9 100644 --- a/strbuf.c +++ b/strbuf.c @@ -2,6 +2,8 @@ #include "refs.h" #include "utf8.h" +#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while (0) + int starts_with(const char *str, const char *prefix) { for (; ; str++, prefix++) @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t hint) if (got < 0) { if (oldalloc == 0) - strbuf_release(sb); + IGNORE_ERROR(strbuf_release(sb)); else strbuf_setlen(sb, oldlen); return -1; 
@@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint) if (fd < 0) return -1; len = strbuf_read(sb, fd, hint); - close(fd); - if (len < 0) + if (len < 0) { + IGNORE_ERROR(close(fd)); return -1; + } + close(fd); return len; }
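Review bot: In the hunk that adds IGNORE_ERROR, the macro name says the error is ignored, but what it does is keep errno unchanged across expr; the result of expr is discarded either way. A name such as PRESERVE_ERRNO would match the behaviour, and the local e_ deserves a less collision-prone name, since an expr that itself mentions e_ would bind to the macro's variable.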
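Review bot: In the strbuf_read() hunk only strbuf_release(sb) is wrapped, while the else branch calls strbuf_setlen(sb, oldlen) unwrapped before return -1. The two branches then give different errno guarantees that a reader cannot see from the call site; wrap both, or add a comment that strbuf_setlen() is relied on not to touch errno.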
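Review bot: In the strbuf_read_file() hunk close(fd) now appears on two separate paths, so any later early return added after open() has to remember to close the descriptor a third time. A single cleanup point would be easier to keep correct; if the duplication stays, a comment on the success-path close(fd) noting that its result and errno are deliberately not preserved would document the difference between the two calls.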
[PATCH] strbuf_read_file(): preserve errno across close() call
On Fri, Feb 23, 2018 at 01:49:52AM -0500, Jeff King wrote: > > +static ssize_t strbuf_read_file_or_whine(struct strbuf *sb, const char > > *path) > > +{ > > + int fd; > > + ssize_t len; > > + > > + fd = open(path, O_RDONLY); > > + if (fd < 0) > > + return error_errno(_("could not open '%s'"), path); > > + len = strbuf_read(sb, fd, 0); > > + close(fd); > > + if (len < 0) > > + return error(_("could not read '%s'."), path); > > + return len; > > +} > > If we were to use error_errno() in the second conditional here, we > should take care not to clobber errno during the close(). I think > strbuf_read_file() actually has the same problem, which might be worth > fixing. Here's a patch, while I'm thinking about it. I notice that quite a few strbuf error paths may call strbuf_release(), too. Technically free() may clobber errno, too. I don't know if it's worth protecting against (IIRC POSIX is being amended to disallow this, but I have no idea how common it is in existing platforms). -- >8 -- Subject: [PATCH] strbuf_read_file(): preserve errno across close() call If we encounter a read error, the user may want to report it by looking at errno. However, our close() call may clobber errno, leading to confusing results. Let's save and restore it in the error case. Signed-off-by: Jeff King <p...@peff.net> --- strbuf.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/strbuf.c b/strbuf.c index 1df674e919..5f138ed3c8 100644 --- a/strbuf.c +++ b/strbuf.c @@ -612,14 +612,18 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint) { int fd; ssize_t len; + int saved_errno; fd = open(path, O_RDONLY); if (fd < 0) return -1; len = strbuf_read(sb, fd, hint); + saved_errno = errno; close(fd); - if (len < 0) + if (len < 0) { + errno = saved_errno; return -1; + } return len; } -- 2.16.2.580.g96c83ce8ea
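Review bot: In the strbuf_read_file() hunk, saved_errno = errno runs on every call, including when len >= 0 and errno holds nothing meaningful. That is harmless, but a one-line comment above the save saying it is only consumed on the len < 0 path would make the intent clear, and the function's documentation should state that errno after a -1 return reflects the open() or read failure rather than close(), since that is the guarantee callers will depend on.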