[OPEN-ILS-DEV] C nits: object.c (Part 4)
Scott McKellar
mck9 at swbell.net
Sun Apr 8 22:16:49 EDT 2007

The jsonFormatString function goes nuts if you feed it certain kinds
of malformed input strings.

Specifically: if the string contains a right brace or bracket that is
not balanced by a previous left brace or bracket, then the depth
variable in jsonFormatString() becomes negative. When we pass depth
to the __tabs() function, we enter the following for loop:

    for(i=0;i!=count;i++) buffer_add(buf, " ");

This loop runs until i equals count, which is the depth passed from
the calling function. If count is negative, then i is already
greater than depth. We will probably run out of memory waiting for
i to equal count.

The simplest fix is to change the loop condition:

    for(i=0;i < count;i++) buffer_add(buf, " ");

Another fix is to use a more robust substitute for __tabs(), such as
I proposed in an earlier email.

A still better fix is to rewrite jsonFormatString() so as to avoid
any form of __tabs(). In another email I shall propose a rewrite of
jsonFormatString() that not only avoids the problem described above
but also achieves a dramatic boost in this function's performance.

Scott McKellar
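
The failure mode described in this message, as an added example that is not code from the original email or from the project: a simplified indenter whose depth goes negative on an unbalanced closing brace or bracket, and a side-by-side count of how many iterations the `!=` and `<` loop conditions perform for that depth. The names `indent_steps`, `append`, `newline_indent` and `format_json`, the three-space indent, the fixed-size output buffer and the iteration cap are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Iterations the indent loop performs for a given depth. `limit` is a safety
   cap added for this demo so the != form can be observed without hanging. */
long indent_steps(int count, int use_less_than, long limit) {
    long steps = 0;
    for (int i = 0; use_less_than ? (i < count) : (i != count); i++)
        if (++steps >= limit) break;
    return steps;
}
/* Bounded append: never writes past out[cap-1], always NUL-terminates. */
static size_t append(char *out, size_t len, size_t cap, const char *s) {
    while (*s && len + 1 < cap) out[len++] = *s++;
    out[len] = '\0';
    return len;
}

static size_t newline_indent(char *out, size_t len, size_t cap, int depth) {
    len = append(out, len, cap, "\n");
    for (int i = 0; i < depth; i++)   /* i < depth: negative depth adds nothing */
        len = append(out, len, cap, "   ");
    return len;
}

/* Simplified indenter (constructed; does not skip quoted strings). Returns the
   lowest depth reached; a negative value means an unbalanced '}' or ']'. */
int format_json(const char *in, char *out, size_t cap) {
    int depth = 0, min_depth = 0;
    size_t len = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (; *in; in++) {
        char c[2] = { *in, '\0' };
        if (*in == '}' || *in == ']') {
            if (--depth < min_depth) min_depth = depth;
            len = newline_indent(out, len, cap, depth);
        }
        len = append(out, len, cap, c);
        if (*in == '{' || *in == '[') len = newline_indent(out, len, cap, ++depth);
        else if (*in == ',')          len = newline_indent(out, len, cap, depth);
    }
    return min_depth;
}

int main(void) {
    char buf[256];
    int low = format_json("}]{", buf, sizeof buf);  /* constructed malformed input */
    printf("lowest depth %d, != steps (capped) %ld\n", low, indent_steps(low, 0, 1000000L));
}
```

A caller can treat a negative return value from `format_json` as a signal that the input was malformed and reject it instead of formatting it.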