run-command: forbid using run_command with piped output
author Jeff King <peff@peff.net>
Mon, 23 Mar 2015 03:54:05 +0000 (23:54 -0400)
committer Junio C Hamano <gitster@pobox.com>
Mon, 23 Mar 2015 04:39:22 +0000 (21:39 -0700)

Because run_command both spawns and wait()s for the command
before returning control to the caller, any reads from the
pipes we open must necessarily happen after wait() returns.
This can lead to deadlock, as the child process may block
on writing to us while we are blocked waiting for it to
exit.

Worse, it only happens when the child fills the pipe
buffer, which means that the problem may come and go
depending on the platform and the size of the output
produced by the child.

Let's detect and flag this dangerous construct so that we
can catch potential bugs early in the test suite rather than
having them happen in the field.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
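
The condition the commit message describes, as an added example that is not part of this commit or of git's code: a child writes into a pipe while the parent only checks for its exit, which shows that a child with more output than the pipe buffer holds cannot exit until someone reads. The names `write_all` and `child_blocks_until_drained` and the 500 ms observation window are assumptions of this example.

```c
#include <poll.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side (hypothetical helper): write `total` bytes, blocking while the pipe is full. */
static void write_all(int fd, size_t total)
{
	char buf[4096];
	memset(buf, 'x', sizeof(buf));
	while (total > 0) {
		ssize_t w = write(fd, buf, total < sizeof(buf) ? total : sizeof(buf));
		if (w < 0)
			_exit(1);
		total -= (size_t)w;
	}
	_exit(0);
}

/* Returns 1 if the child is still alive after ~500ms with nobody reading (a
 * blocking wait() here would never return), 0 if it exited, -1 on error. */
int child_blocks_until_drained(size_t total)
{
	char buf[4096];
	int fds[2], i;
	pid_t pid;
	if (pipe(fds) < 0)
		return -1;
	pid = fork();
	if (pid == 0) {
		close(fds[0]);
		write_all(fds[1], total); /* never returns */
	}
	close(fds[1]);
	if (pid < 0) {
		close(fds[0]);
		return -1;
	}
	/* Check for exit without reading, standing in for the wait-before-read order. */
	for (i = 0; i < 50 && waitpid(pid, NULL, WNOHANG) != pid; i++)
		poll(NULL, 0, 10); /* sleep 10ms */
	/* The safe order: drain the pipe to EOF first, then reap the child. */
	while (read(fds[0], buf, sizeof(buf)) > 0)
		continue;
	close(fds[0]);
	if (i == 50)
		waitpid(pid, NULL, 0);
	return i == 50;
}
```

With a 1 MiB payload the function returns 1 on systems whose default pipe buffer is smaller than that; with a few bytes it returns 0, which is why the problem comes and goes with output size.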
run-command.c
index 65ecbe31d7a61b20f42fd40eaf72d422c0c57a99..4184e8d9f3a61459df1d4fa4cdec8a59386f1f17 100644 (file)
@@ -561,7 +561,12 @@ int finish_command(struct child_process *cmd)
 
 int run_command(struct child_process *cmd)
 {
-       int code = start_command(cmd);
+       int code;
+
+       if (cmd->out < 0 || cmd->err < 0)
+               die("BUG: run_command with a pipe can cause deadlock");
+
+       code = start_command(cmd);
        if (code)
                return code;
        return finish_command(cmd);
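
Review bot: The new condition in run_command() tests only cmd->out and cmd->err, so a caller that requests a stdin pipe with cmd->in < 0 is not flagged, even though it likewise cannot write to or close that pipe before finish_command() has returned. Either add cmd->in to the condition or put a short comment above the check saying why input pipes are left out. A one-line comment noting that a negative value means a pipe was requested would also make the test readable without the commit message.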