2325 4480 pwd newline

[egmontkob]

Proposed changes

More robust reading of pwd, namely:

• support trailing newlines
• don't send long lines that might clog the kernel's cooked mode buffer
• make sure to read the entire pwd if the writer is slow

• Resolves: "Cannot change to" directory\n warning when entering directory ending with newline #2325
• Resolves: mc hangs for 1-2s with subshell bash when entering paths > 128 characters on Solaris #4480

Checklist

👉 Our coding style can be found here: https://midnight-commander.org/coding-style/ 👈

• I have referenced the issue(s) resolved by this PR (if any)
• I have signed-off my contribution with git commit --amend -s
• Lint and unit tests pass locally with my changes (make indent && make check)
• I have added tests that prove my fix is effective or that my feature works
• I have added the necessary documentation (if appropriate)

[mc-worker]

I think it's better to save string lengths in the intermediate variables and then use them in g_string_append_len() instead of g_string_append() to avoid double calls of strlen().

[egmontkob]

Do we care more about shaving off a few CPU cycles at a non-critical path, rather than preferring cleaner, easier to read code?

Moreover, the code also would become inconsistent with itself. E.g. quote_cmd_end is used twice, so it speeds up things by a few nanoseconds to store its length. before_wrap is likely used exactly once, with a small chance more than once. But after_wrap is likely not used at all. So in order to shave off a few CPU cycles we shouldn't precompute its length?

I'd find it absolutely pointless to go into such mircooptimizations somewhere where it really doesn't matter.

[zyv]

I agree that optimizations are pointless, but I would still extract constants for readability. This would also make the line shorter and make it fit on one line.

[egmontkob]

I've pushed an additional commit (to be squashed!!!) to show what the code would look like with precomputed lengths.

I honestly don't find it any more readable than the previous version; duplicating (kind of) variable names like g_string_append_len (ret, foobar, foobar_len) are a source of error if you pass the wrong length, harder to verify that you didn't make this mistake, and is a visual clutter instead of just seeing foobar once.

IMHO.

If you guys both prefer this variant then I'll squash this sommit with the previous one.

[ossilator]

i prefer the "optimized" version. having the lengths pre-calculated should make it easier to write code that doesn't buffer-overflow.

[mc-worker]

It's better to swap these two lines:

line_length = strlen (after_wrap)
g_string_append_len (ret, after_wrap, line_length);

[egmontkob]

Why is it better? Currently the string append operations are next to each other. By swapping them, you'd break that flow.

Or is it because then you could use that as a length parameter to g_string_append_len; again, resulting in a visibly more inconsisent code for us humans, and an absolutely unmeasurable speedup? Let's go for more readable, more consistent code please. Let me know please why you think your proposal would be more readable.

[zyv]

I actually have no preference one way or the other here...

[mc-worker]

The same:

line_length = strlen (after_wrap)
g_string_append_len (ret, after_wrap, line_length);

[egmontkob]

Oops, I've accidentally pushed the branch into the main mc repo; I didn't mean that. Sorry for that! You can remove that branch if you wish.

[egmontkob]

Nevermind, I've deleted it. Sorry for the noise.

[egmontkob]

There's a regression with tcsh:

Previously it could enter directories with a non-alphanumeric UTF-8 symbol (e.g. heart ❤) in their name, now it cannot. (It can still enter alphanumeric UTF-8 characters.)

Let me play around a little bit with tcsh to see if I can fix this.

Let's hold off this PR for now.

[ossilator]

3nd commit msg: typo in 'platforms'

[ossilator]

"as untrusted"

[egmontkob]

I just moved this text away by a few lines :) anyway, fixing.

[ossilator]

the assigned value does not need to be quoted, and for legacy shells it even should not be.

[egmontkob]

Thanks, fixing.

[ossilator]

side note: this happening after the ./ append is plain bogus.
(fix should be in a separate commit.)

[egmontkob]

I have also noticed this, but I just don't want to begin fixing every minor detail that I don't fully like :) But now that you've pointed it out too, I'll fix it.

But, sorry, I won't create a new commit for every tiny change I make, I just find that nonsense and super counterproductive. It's a somewhat bigger rework of that method, including everything that goes into it.

[egmontkob]

Oh, no... wait... now that I've moved the cd string prefix into this method (which I had to do because of tcsh's variable construction), I have to swap the order, the one in my change was straight wrong.

[ossilator]

i prefer the "optimized" version. having the lengths pre-calculated should make it easier to write code that doesn't buffer-overflow.

[ossilator]

it would be kinda more elegant to wrap the trailer separately if the situation occurs, but the extra code is probably not worth it ...

[egmontkob]

i prefer the "optimized" version. having the lengths pre-calculated should make it easier to write code that doesn't buffer-overflow.

Looks like it's 3:1 (all 3 of you reviewers against me), so I'll change the code (squash the followup commit), but I'm really curious: Could you please provide an example where a pre-computed length would save you from a buffer overrun?

I have shown you that it becomes easy to use the wrong length, e.g.

g_string_append_len (ret, foobar1, foobar1_len);
g_string_append_len (ret, quux2, quux1_len);
g_string_append_len (ret, loremipsum3, lorempisum3_len);

Not only is it harder to read, but would you spot the bug if you weren't looking for it? How is it any safer than writing

g_string_append (ret, foobar1);
g_string_append (ret, quux2);
g_string_append (ret, loremipsum3);

?

---

it would be kinda more elegant to wrap the trailer separately if the situation occurs, but the extra code is probably not worth it ...

Could you please elaborate? I don't get what you're thinking of here. Even though you're not asking me to change the code, I'm curious :)

[ossilator]

if you assign the lengths and actually use them to pre-calculate and check the buffer, it's easier to make sure that you're actually working with the same numbers. the mismatch risk is real, but i personally worry about it less, because i have annoyingly good visual pattern recognition.

---

the length of the final cd command is currently subtracted from the buffer size, so it always fits. but it would be possible to ensure that only the line termination fits, and put the cd on its own line if necessary.

[egmontkob]

Back to tcsh:

I think I can do either of these two things:

• Use the $'...' string constant notation. As strings aren't byte-safe, they're forced to the locale (practically UTF-8), it means that in an UTF-8 environment directories with invalid UTF-8 in their name won't work. But the method handles newline characters just fine.

• Use `printf ...` command substitution. This method breaks newlines – in case of tcsh not just the trailing ones but any internal newlines. On the other hand it's binary-safe, we can enter any directory, even if invalid UTF-8. Note though that it doesn't work backwards: if you hide the panels and do a cd to a directory with an invalid UTF-8 name, the subshell reporting it back to mc using echo $cwd:q will also mangle it and mc won't be able to cd there (already buggy in current mc). To which a workaround could be to invoke the external pwd -L utility.

So it's either-or: invalid UTF-8 but no newlines, or newlines but not invalid UTF-8.

And no, I'm not going to implement both and pick runtime so that we only fail if a path contains both :)

Which one do you guys vote for?

[egmontkob]

tcsh: I was wrong, command substitution isn't binary safe either.

So, without terrible hacks, I can get newline working but not invalid UTF-8.

---

To get invalid UTF-8 working, I think this would do it:

• save the value of LC_ALL
• setenv LC_ALL C
• cd target_directory
• restore LC_ALL (or most likely: the lack thereof)
• set cwd=target_directory # to fix the accents shown in the prompt

and when a command completes and tcsh sends it working directory to mc, invoke the external pwd -L.

I'm not gonna do this, it's just not worth it.

[zyv]

Which one do you guys vote for?

My thinking is that if I had to choose, I'd take newlines.

[egmontkob]

Yup I'm going with newlines.

New commit pushed to fix regression with tcsh.

How confident are we that placing unquoted 128..255 bytes in the command line is safe in every shell, they don't have any special meaning in the shell?