Page MenuHomePhorge
Differential D25332

Fix DifferentialGetCommitMessageConduitAPIMethod execute strlen(null)
ClosedPublic
Actions

Authored by Sten on Jul 5 2023, 08:16.
Tags
None
Referenced Files
F3297757: D25332.1742989436.diff
Tue, Mar 25, 11:43
F3295527: D25332.1742955621.diff
Tue, Mar 25, 02:20
F3294090: D25332.1742929267.diff
Mon, Mar 24, 19:01
F3283501: D25332.1742752538.diff
Sat, Mar 22, 17:55
F3221213: D25332.1741814097.diff
Tue, Mar 11, 21:14
F3027366: D25332.1740826325.diff
Fri, Feb 28, 10:52
F2993336: D25332.1740280042.diff
Feb 22 2025, 03:07
F2993335: D25332.1740280041.diff
Feb 22 2025, 03:07
View All 29 Files
Subscribers
Cigaryno
Matthew
speck
tobiaswiese
valerio.bozzolan

Details

Reviewers
valerio.bozzolan
Group Reviewers
O1: Blessed Committers
Maniphest Tasks
T15527: arc diff <differential.getcommitmessage> strlen(null) PHP 8.1 error
Commits
rPb3ac5ceb387f: Fix DifferentialGetCommitMessageConduitAPIMethod execute strlen(null)
Summary

When iterating through the fields of a differential commit, the DifferentialGetCommitMessageConduitAPIMethod execute method explicitly allows a value to be either a string or a null. It then calls strlen upon this possibly null value.

We could replace the strlen with phutil_nonempty_string, but as the code has already eliminated variable types other than string or null, it is more efficient to explicitly check for null or ''

$value === null or $value == ''

Fixes T15527

Test Plan

Run

arc diff

Diff Detail

Repository
rP Phorge
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Sten created this revision.Jul 5 2023, 08:16
Owners added a reviewer: O1: Blessed Committers.Jul 5 2023, 08:16
Herald added subscribers: Cigaryno, Matthew, valerio.bozzolan and 2 others. · View Herald TranscriptJul 5 2023, 08:16
Sten requested review of this revision.Jul 5 2023, 08:16
Harbormaster completed remote builds in B637: Diff 1072.Jul 5 2023, 08:16
valerio.bozzolan added inline comments.Jul 5 2023, 08:25
src/applications/differential/conduit/DifferentialGetCommitMessageConduitAPIMethod.php
107

Nice, at this point $value MUST be a string or NULL <3

118

Unfortunately $value == '' involves a PHP pitfall that causes the exclusion of a commit message consisting in the string "0".

THE COMMENT "0" IS TOTALLY AWESOME AND I MAKE IT ALL THE TIME SO YOU HAD BETTER NOT BREAK IT!!!

https://we.phorge.it/book/flavor/article/php_pitfalls/

Also fortunately, at this point, $value must be a string or null so we can just do a lovely native strict check, to exclude the case of an empty string. Another possibility: feel free to adopt if(!phutil_nonempty_string($value)) but I'm not a fan of "not non-empty" conditions.

Sten updated this revision to Diff 1087.Jul 5 2023, 16:21

Update empty string check to === '' as per review

Harbormaster completed remote builds in B650: Diff 1087.Jul 5 2023, 16:21
Sten marked an inline comment as done.Jul 5 2023, 16:22

Wouldn't want to deny you your '0' comments!

valerio.bozzolan accepted this revision.EditedJul 6 2023, 07:03

Tested, thanks! I was able to debug both NULL, empty string, and a populated string, just putting some stuff in the fields.

For the records, note again that !is_string($value) && !is_null($value) at the top, that is the reason why here we can avoid the strlen() at all, since we never handle objects, or weird stuff to be casted to string. It's just a string, or NULL. And the only string with zero bytes is ''.

sgtm

This revision is now accepted and ready to land.Jul 6 2023, 07:03
Closed by commit rPb3ac5ceb387f: Fix DifferentialGetCommitMessageConduitAPIMethod execute strlen(null). · Explain WhyJul 6 2023, 08:42
This revision was automatically updated to reflect the committed changes.
Sten added a commit: rPb3ac5ceb387f: Fix DifferentialGetCommitMessageConduitAPIMethod execute strlen(null).

Revision Contents
Changeset List

PathSizePackages
src/
applications/
differential/
conduit/
2 linesO1: Blessed Committers

Diff 1091

View Options

src/applications/differential/conduit/DifferentialGetCommitMessageConduitAPIMethod.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0