On 19/03/21 10:54, Markus Armbruster wrote:
A commit message should tell me what the patch is trying to accomplish.
This commit message's title tells me it's a test for a CVE. Okay. The
body additionally gives me the reproducer. To be useful, a reproducer
needs to come with actual and expected result. Yes, I can find those in
the patch. But I could find the reproducer there, too. If you're nice
enough to save me the trouble of digging through the patch for the
reproducer (thanks), please consider saving me the trouble digging for
the information I need to make use of it (thanks again). That's all:)
FWIW I don't think in this case there is an expected result other than
not crashing, but yeah it may be worth adding in the commit message "for
CVE-2020-25741, a {crash,undefined behavior,ASAN violation} in func_name".
Paolo
