summaryrefslogtreecommitdiffstats
path: root/strbuf.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2015-06-30 15:26:53 +0200
committerJunio C Hamano <gitster@pobox.com>2015-07-21 07:17:06 +0200
commite4f031e34b08e3217c10942e682920a6939308a0 (patch)
tree7988cf4a7edab0ed17a16a5be99f1a044821a284 /strbuf.c
parentintroduce "format" date-mode (diff)
downloadgit-e4f031e34b08e3217c10942e682920a6939308a0.tar.xz
git-e4f031e34b08e3217c10942e682920a6939308a0.zip
strbuf: make strbuf_addftime more robust
The return value of strftime is poorly designed; when it returns 0, the caller cannot tell if the buffer was not large enough, or if the output was actually 0 bytes. In the original implementation of strbuf_addftime, we simply punted and guessed that our 128-byte hint would be large enough. We can do better, though, if we're willing to treat strftime like less of a black box. We can munge the incoming format to make sure that it never produces 0-length output, and then "fix" the resulting output. That lets us reliably grow the buffer based on strftime's return value. Clever-idea-by: Eric Sunshine <sunshine@sunshineco.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'strbuf.c')
-rw-r--r--strbuf.c38
1 files changed, 21 insertions, 17 deletions
diff --git a/strbuf.c b/strbuf.c
index a7ba028130..e5e7370092 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -712,29 +712,33 @@ char *xstrfmt(const char *fmt, ...)
void strbuf_addftime(struct strbuf *sb, const char *fmt, const struct tm *tm)
{
+ size_t hint = 128;
size_t len;
- /*
- * strftime reports "0" if it could not fit the result in the buffer.
- * Unfortunately, it also reports "0" if the requested time string
- * takes 0 bytes. So if we were to probe and grow, we have to choose
- * some arbitrary cap beyond which we guess that the format probably
- * just results in a 0-length output. Since we have to choose some
- * reasonable cap anyway, and since it is not that big, we may
- * as well just grow to their in the first place.
- */
- strbuf_grow(sb, 128);
+ if (!*fmt)
+ return;
+
+ strbuf_grow(sb, hint);
len = strftime(sb->buf + sb->len, sb->alloc - sb->len, fmt, tm);
if (!len) {
/*
- * Either we failed, or the format actually produces a 0-length
- * output. There's not much we can do, so we leave it blank.
- * However, the output array is left in an undefined state, so
- * we must re-assert our NUL terminator.
+ * strftime reports "0" if it could not fit the result in the buffer.
+ * Unfortunately, it also reports "0" if the requested time string
+ * takes 0 bytes. So our strategy is to munge the format so that the
+ * output contains at least one character, and then drop the extra
+ * character before returning.
*/
- sb->buf[sb->len] = '\0';
- } else {
- sb->len += len;
+ struct strbuf munged_fmt = STRBUF_INIT;
+ strbuf_addf(&munged_fmt, "%s ", fmt);
+ while (!len) {
+ hint *= 2;
+ strbuf_grow(sb, hint);
+ len = strftime(sb->buf + sb->len, sb->alloc - sb->len,
+ munged_fmt.buf, tm);
+ }
+ strbuf_release(&munged_fmt);
+ len--; /* drop munged space */
}
+ strbuf_setlen(sb, sb->len + len);
}