libnih

Merge lp://staging/~jamesodhunt/libnih/fix-for-bug-834813 into lp://staging/libnih

  1. fix-for-bug-834813
  2. Merge into trunk
Proposed by James Hunt
Status: Merged
Merged at revision: 1053
Proposed branch: lp://staging/~jamesodhunt/libnih/fix-for-bug-834813
Merge into: lp://staging/libnih
Diff against target: 440 lines (+396/-1)
3 files modified
ChangeLog (+8/-0)
nih/string.c (+8/-1)
nih/tests/test_string.c (+380/-0)
To merge this branch: bzr merge lp://staging/~jamesodhunt/libnih/fix-for-bug-834813
Reviewer Review Type Date Requested Status
Scott James Remnant Pending
Review via email: mp+73575@code.staging.launchpad.net

This proposal supersedes a proposal from 2011-08-31.

Description of the change

Final attempt I hope.

  * ChangeLog: updated.
  * nih/string.c (nih_str_split): Fixes to avoid over-running
    input string and also returning an empty string array entry
    when repeat is true (LP: #834813).
  * nih/tests/test_string.c (test_str_split): Added a lot of new
    tests for nih_str_split().

To post a comment you must log in.
Revision history for this message
Scott James Remnant (scott) wrote : Posted in a previous version of this proposal

"str && *str" shouldn't be necessary, this function already asserts "str != NULL"

Have you checked other uses of strchr() in the code, I probably make the same mistake all over the place - believing it would return NULL if given '\0'

I'd like that final if() cleaned up, it doesn't make sense what you're doing there - perhaps splitting out some informationally named temporary variables and checking those would make more sense, or using some other method

review: Needs Fixing
Revision history for this message
James Hunt (jamesodhunt) wrote : Posted in a previous version of this proposal

> "str && *str" shouldn't be necessary, this function already asserts "str !=
> NULL"
>
> Have you checked other uses of strchr() in the code, I probably make the same
> mistake all over the place - believing it would return NULL if given '\0'
>
> I'd like that final if() cleaned up, it doesn't make sense what you're doing
> there - perhaps splitting out some informationally named temporary variables
> and checking those would make more sense, or using some other method
Hi Scott,

Firstly, I've raised a bug on strchr(3) and memchr(3) since they do not currently specify the behaviour should the char to search for be '\0':

https://bugzilla.kernel.org/show_bug.cgi?id=42042

I've reworked (simplified) the change to nih_str_split(). Note that the "continue" is safe since we consume any and all multiple delimiter characters on the next loop iteration.

The assert protects the function initially, but since we're incrementing 'str' we do need atleast the first "str && *str" check...

   while (repeat && str && *str && strchr (delim, *str))

...since without it, we overrun the string, and the new tests will fail. The subsequent "str && *str"'s may not be strictly required, but as this bug was rather subtle anyway, I'd be tempted to err on the side of caution.

I'll resubmit the MP...

Cheers,

James.

Revision history for this message
Scott James Remnant (scott) wrote : Posted in a previous version of this proposal
Download full text (18.3 KiB)

str can never turn to NULL as a result of incrementing

On Tue, Aug 30, 2011 at 7:33 AM, James Hunt <email address hidden>wrote:

> James Hunt has proposed merging lp:~jamesodhunt/libnih/fix-for-bug-834813
> into lp:libnih.
>
> Requested reviews:
> Scott James Remnant (scott)
>
> For more details, see:
>
> https://code.launchpad.net/~jamesodhunt/libnih/fix-for-bug-834813/+merge/73383
>
> * ChangeLog: updated.
> * nih/string.c (nih_str_split): Fixes to avoid over-running
> input string and also returning an empty string array entry
> when repeat is true (LP: #834813).
> * nih/tests/test_string.c (test_str_split): Added a lot of new
> tests for nih_str_split().
>
> --
>
> https://code.launchpad.net/~jamesodhunt/libnih/fix-for-bug-834813/+merge/73383
> You are requested to review the proposed merge of
> lp:~jamesodhunt/libnih/fix-for-bug-834813 into lp:libnih.
>
> === modified file 'ChangeLog'
> --- ChangeLog 2011-08-26 18:31:43 +0000
> +++ ChangeLog 2011-08-30 14:33:16 +0000
> @@ -1,3 +1,4 @@
> +<<<<<<< TREE
> 2011-08-26 James Hunt <email address hidden>
>
> * nih/io.c (nih_io_select_fds): Ensure number of fds being managed
> @@ -6,6 +7,16 @@
> * nih/config.c, nih/error.h, nih/io.c, nih/test_files.h: Correct
> typos in comments.
>
> +=======
> +2011-08-30 James Hunt <email address hidden>
> +
> + * nih/string.c (nih_str_split): Fixes to avoid over-running
> + input string and also returning an empty string array entry
> + when repeat is true (LP: #834813).
> + * nih/tests/test_string.c (test_str_split): Added a lot of new
> + tests for nih_str_split().
> +
> +>>>>>>> MERGE-SOURCE
> 2011-06-20 James Hunt <email address hidden>
>
> * nih/watch.c (nih_watch_handle): Handle non-directory watches;
>
> === modified file 'nih/string.c'
> --- nih/string.c 2009-06-23 09:29:37 +0000
> +++ nih/string.c 2011-08-30 14:33:16 +0000
> @@ -403,17 +403,29 @@
>
> while (*str) {
> const char *ptr;
> + size_t toklen;
>
> - /* Skip initial delimiters */
> - while (repeat && strchr (delim, *str))
> + /* Skip initial delimiters taking care not to walk
> + * beyond the end of the string
> + */
> + while (repeat && str && *str && strchr (delim, *str))
> str++;
>
> /* Find the end of the token */
> ptr = str;
> - while (*str && (! strchr (delim, *str)))
> + while (str && *str && (! strchr (delim, *str)))
> str++;
>
> - if (! nih_str_array_addn (&array, parent, &len,
> + toklen = str - ptr;
> +
> + /* Don't create an empty string array element in repeat
> + * mode if there is no token (as a result of a
> + * duplicated delimiter character).
> + */
> + if (repeat && !toklen)
> + continue;
> +
> + if (str && ! nih_str_array_addn (&array, parent, &len,
> ptr, str ...

Revision history for this message
Scott James Remnant (scott) wrote : Posted in a previous version of this proposal
Download full text (19.0 KiB)

Last comments are all nits (I promise!)

ChangeLog has merge markers in the review diff;

and today is now the 31st, so this needs a ChangeLog header of its own.

- /* Skip initial delimiters */
- while (repeat && strchr (delim, *str))
+ /* Skip initial delimiters taking care not to walk
+ * beyond the end of the string
+ */

There's no need to change this comment, leave it as it is.

+ toklen = str - ptr;
+
+ /* Don't create an empty string array element in repeat
+ * mode if there is no token (as a result of a
+ * duplicated delimiter character).
+ */
+ if (repeat && !toklen)
+ continue;
+

Calculating the length of the token and checking it is completely
unnecessary. A much better check would be:

  if (repeat && (str == ptr))

This is much clearer that you mean "if we're repeating, and the end of the
string is the start"

On Wed, Aug 31, 2011 at 10:02 AM, James Hunt <email address hidden>wrote:

> James Hunt has proposed merging lp:~jamesodhunt/libnih/fix-for-bug-834813
> into lp:libnih.
>
> Requested reviews:
> Scott James Remnant (scott)
>
> For more details, see:
>
> https://code.launchpad.net/~jamesodhunt/libnih/fix-for-bug-834813/+merge/73560
>
> Take 3... :-)
>
> * ChangeLog: updated.
> * nih/string.c (nih_str_split): Fixes to avoid over-running
> input string and also returning an empty string array entry
> when repeat is true (LP: #834813).
> * nih/tests/test_string.c (test_str_split): Added a lot of new
> tests for nih_str_split().
>
> --
>
> https://code.launchpad.net/~jamesodhunt/libnih/fix-for-bug-834813/+merge/73560
> You are requested to review the proposed merge of
> lp:~jamesodhunt/libnih/fix-for-bug-834813 into lp:libnih.
>
> === modified file 'ChangeLog'
> --- ChangeLog 2011-08-26 18:31:43 +0000
> +++ ChangeLog 2011-08-31 17:02:23 +0000
> @@ -1,3 +1,4 @@
> +<<<<<<< TREE
> 2011-08-26 James Hunt <email address hidden>
>
> * nih/io.c (nih_io_select_fds): Ensure number of fds being managed
> @@ -6,6 +7,16 @@
> * nih/config.c, nih/error.h, nih/io.c, nih/test_files.h: Correct
> typos in comments.
>
> +=======
> +2011-08-31 James Hunt <email address hidden>
> +
> + * nih/string.c (nih_str_split): Fixes to avoid over-running
> + input string and also returning an empty string array entry
> + when repeat is true (LP: #834813).
> + * nih/tests/test_string.c (test_str_split): Added a lot of new
> + tests for nih_str_split().
> +
> +>>>>>>> MERGE-SOURCE
> 2011-06-20 James Hunt <email address hidden>
>
> * nih/watch.c (nih_watch_handle): Handle non-directory watches;
>
> === modified file 'nih/string.c'
> --- nih/string.c 2009-06-23 09:29:37 +0000
> +++ nih/string.c 2011-08-31 17:02:23 +0000
> @@ -403,9 +403,12 @@
>
> while (*str) {
> const char *ptr;
> + size_t toklen;
>
> - /* Skip initial delimiters */
> - while (repeat && strchr (delim, *str))
> + /* Skip initi...

Revision history for this message
Scott James Remnant (scott) wrote : Posted in a previous version of this proposal

On Tue, Aug 30, 2011 at 7:33 AM, James Hunt <email address hidden>wrote:

> Firstly, I've raised a bug on strchr(3) and memchr(3) since they do not
> currently specify the behaviour should the char to search for be '\0':
>
> https://bugzilla.kernel.org/show_bug.cgi?id=42042
>
>
Interestingly the OS X man pages do specify:

     The strchr() function locates the first occurrence of c (converted to a
     char) in the string pointed to by s. The terminating null character is
     considered to be part of the string; therefore if c is `\0', the func-
     tions locate the terminating `\0'.

Scott

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches