pharo-project / pharo

Pharo is a dynamic reflective pure object-oriented language supporting live programming inspired by Smalltalk.
http://pharo.org

LGitId>>hexString doesn't work with threaded FFI and is susceptible to buffer overruns #5379

Open akgrant43 opened 4 years ago

akgrant43 commented 4 years ago

LGitId>>hexString proposed improvements:

  1. Pass a ByteArray as the return buffer instead of String in #hexString. Using a String works in Squeak FFI as the result is guaranteed to be ascii, but it is bad practice in general. In Threaded FFI Strings are utf8 encoded and then passed in a buffer that is discarded after the call completes, i.e. they can't be used to return values (which is good since the decoding hasn't been done).
  2. Use git_oid_nfmt() instead of git_oid_fmt(). The latter is susceptible to buffer overruns, which will corrupt object memory.

As implied in the first point above, this change is a pre-requisite for using LibGit with threaded FFI due to the improvement in string handling.

PR: https://github.com/pharo-vcs/libgit2-pharo-bindings/pull/31
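The overrun described in point 2, as an added example that is not part of the original issue or of libgit2: `model_fmt` and `model_nfmt` are hypothetical stand-ins that model an unbounded 40-character hex write and a length-bounded write, and `overrun_bytes` measures how far each one writes past a caller buffer of a given size. The sample object id and the zero fill of unused bytes are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

#define OID_RAWSZ 20              /* raw SHA-1 object id */
#define OID_HEXSZ (OID_RAWSZ * 2) /* 40 hex chars, no NUL */
#define ARENA 64
#define CANARY 0x5A               /* 'Z', never produced by the formatters */
static const char HEX[] = "0123456789abcdef";

/* Stand-in for the unbounded call: always writes 40 chars, no length check. */
static void model_fmt(char *out, const unsigned char *id) {
    for (size_t i = 0; i < OID_RAWSZ; i++) {
        *out++ = HEX[id[i] >> 4];
        *out++ = HEX[id[i] & 0x0f];
    }
}

/* Stand-in for the bounded call: writes exactly n bytes (hex, then zero fill). */
static void model_nfmt(char *out, size_t n, const unsigned char *id) {
    size_t hex = n < OID_HEXSZ ? n : OID_HEXSZ;
    for (size_t i = 0; i < hex; i++) {
        unsigned char b = id[i / 2];
        out[i] = HEX[(i & 1) ? (b & 0x0f) : (b >> 4)];
    }
    memset(out + hex, 0, n - hex);
}

/* Treat the first cap bytes (cap <= ARENA) of a canary-filled arena as the
 * caller's buffer; return how many bytes past cap were modified (0 = none). */
static size_t overrun_bytes(size_t cap, int bounded, char *copy_out) {
    unsigned char id[OID_RAWSZ];
    char arena[ARENA];
    size_t clobbered = 0;
    for (size_t i = 0; i < OID_RAWSZ; i++)
        id[i] = (unsigned char)(i * 13 + 1); /* constructed sample id */
    memset(arena, CANARY, sizeof arena);
    if (bounded) model_nfmt(arena, cap, id);
    else model_fmt(arena, id);
    for (size_t i = cap; i < ARENA; i++)
        if (arena[i] != CANARY) clobbered++;
    if (copy_out) memcpy(copy_out, arena, cap);
    return clobbered;
}

int main(void) {
    printf("unbounded, 16-byte buffer: %zu bytes overrun\n", overrun_bytes(16, 0, NULL));
    printf("bounded,   16-byte buffer: %zu bytes overrun\n", overrun_bytes(16, 1, NULL));
    return 0;
}
```

In a real FFI call the bytes past the buffer belong to whatever the object memory placed there, which is why the bounded form is the safer default when the caller controls the buffer size.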

Ducasse commented 4 years ago

Guille so that you see this issue.