[PATCH 3 of 3] cmdserver: protect pipe server streams against corruption caused by direct io
Yuya Nishihara
yuya at tcha.org
Sat Nov 15 21:02:37 CST 2014
On Sat, 15 Nov 2014 08:40:15 -0800, Gregory Szorc wrote:
> On 11/15/14 2:34 AM, Yuya Nishihara wrote:
> > # HG changeset patch
> > # User Yuya Nishihara <yuya at tcha.org>
> > # Date 1416027043 -32400
> > # Sat Nov 15 13:50:43 2014 +0900
> > # Node ID 15b63d55d18198a1e2621c79419b7b1f66a8875e
> > # Parent d6e1a0cd0da71ebd777d2f35a52b6390ca3915e8
> > cmdserver: protect pipe server streams against corruption caused by direct io
> >
> > Because pipe-mode server uses stdio as IPC channel, other modules should not
> > touch stdio directly and use ui instead. However, this strategy is brittle
> > because several Python functions read and write stdio implicitly.
> >
> > print 'hello' # should use ui.write()
> > # => ch = 'h', size = 1701604463 'ello', data = '\n'
> >
> > This patch adds protection for such mistakes. Both stdio files and low-level
> > file descriptors are redirected to /dev/null while command server uses them.
>
> Did you consider installing a wrapper object into sys.std* that converts
> raw I/O into the proper format and having the pipe server and ui write
> into the "real" fds? That would seem like a safer and more robust
> approach, especially for people with extensions using 3rd party
> libraries that may not send all stdio through Mercurial APIs.
sys.std* wrapper is useless if underlying libraries use Std-C functions [1].
Also, it could cause trouble if they expect that sys.std* are real file
objects.
[1]: https://docs.python.org/2.7/library/sys.html#sys.stdin
Mercurial extensions should conform to the rule of Mercurial internal API.
This patch is the last ditch to avoid corruption of command-server protocol
in case they are broken.
Regards,
More information about the Mercurial-devel
mailing list