[OPEN-ILS-DEV] C nits: string_array.c (Part 1)

Scott McKellar mck9 at swbell.net
Sun Apr 22 18:11:12 EDT 2007


Oops, false alarm.

In my earlier post (below) I worried that the osrfStringArrayRemove
function would sometimes read past the end of the pointer array.
This would happen if the pointer array was completely full.

However, string_array_add() ensures that the array is never full.
It allocates more space, not when the array is full, but when it's
about to become full.  Hence there is always at least one unused
pointer in the array, and we won't read past the end.

I still think that the proposed change is worth doing, for other
reasons, as I discussed at the time.  I plan to prepare a patch
incorporating this and a few other changes.

Scott McKellar
http://home.swbell.net/mck9/aargh/

--- Scott McKellar <mck9 at swbell.net> wrote:

> I believe that there is at least one bug in the osrfStringArrayRemove
> function.
> 
> This function removes and frees a string from the pointer array, and
> then shifts the remaining pointers to fill in the gap.  Here is the
> code that does the shifting, where the subscript i initially refers 
> to the string that we are removing:
> 
> 	for( ; i != arr->size; i++ ) 
> 		arr->array[i] = arr->array[i+1];
> 
> 	arr->size--;
> 
> Suppose that the array has 10 slots, and all of them are initially
> occupied.  Hence arr->size == arr->arr_size == 10.  At the end of 
> the above loop, we execute:
> 
> 	arr->array[ 9 ] = arr->array[ 10 ];
> 
> Unfortunately arr->array[ 10 ] doesn't exist.  We are reading beyond
> the end of the array.  Oops.

<snip>
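The following is an added, self-contained C model of the situation discussed in this thread; it is not OpenSRF's string_array.c and not code posted by Scott. The type `demo_array` and all its functions are hypothetical names chosen here; they mirror only the field layout the message describes (`array`, `size`, `arr_size`) and the growth rule it relies on (allocate when the array is about to become full, so one unused NULL slot always follows the last occupied one). `demo_array_remove_as_posted` keeps the quoted shifting loop verbatim, which reads `array[size]` and is safe only under that invariant; `demo_array_remove` stops one slot earlier and clears the vacated slot, so it does not depend on a spare slot existing. The doubling growth factor and the sample strings are assumptions for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the array in the thread (not OpenSRF's type). */
typedef struct {
    char **array;   /* heap array of char* slots; unused slots hold NULL */
    int size;       /* number of occupied slots */
    int arr_size;   /* number of allocated slots */
} demo_array;

demo_array *demo_array_new(int initial_slots) {
    demo_array *arr = malloc(sizeof *arr);
    if (!arr) return NULL;
    if (initial_slots < 1) initial_slots = 1;
    arr->array = calloc((size_t)initial_slots, sizeof *arr->array); /* NULL-filled */
    if (!arr->array) { free(arr); return NULL; }
    arr->size = 0;
    arr->arr_size = initial_slots;
    return arr;
}

/* Grow *before* the array becomes full, so that after every add there is
   still at least one unused NULL slot at array[size]. Assumed policy: double. */
int demo_array_add(demo_array *arr, const char *s) {
    if (arr->size + 1 >= arr->arr_size) {
        int new_slots = arr->arr_size * 2;
        char **p = realloc(arr->array, (size_t)new_slots * sizeof *p);
        if (!p) return -1;
        /* realloc does not zero the new tail; keep the NULL-slot property */
        memset(p + arr->arr_size, 0, (size_t)(new_slots - arr->arr_size) * sizeof *p);
        arr->array = p;
        arr->arr_size = new_slots;
    }
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (!copy) return -1;
    memcpy(copy, s, n);
    arr->array[arr->size++] = copy;
    return 0;
}

/* The shifting loop exactly as quoted: it reads array[size], which is in
   bounds only because demo_array_add guarantees size < arr_size. */
int demo_array_remove_as_posted(demo_array *arr, int i) {
    if (!arr || i < 0 || i >= arr->size) return -1;
    free(arr->array[i]);
    for (; i != arr->size; i++)
        arr->array[i] = arr->array[i + 1];
    arr->size--;
    return 0;
}

/* Variant that never touches array[size]: stop one short and clear the
   vacated slot explicitly, so correctness does not hinge on the spare slot. */
int demo_array_remove(demo_array *arr, int i) {
    if (!arr || i < 0 || i >= arr->size) return -1;
    free(arr->array[i]);
    for (; i < arr->size - 1; i++)
        arr->array[i] = arr->array[i + 1];
    arr->array[arr->size - 1] = NULL;
    arr->size--;
    return 0;
}

const char *demo_array_get(const demo_array *arr, int i) {
    return (arr && i >= 0 && i < arr->size) ? arr->array[i] : NULL;
}

/* 1 if "at least one unused NULL slot follows the last string" holds now. */
int demo_array_has_spare_slot(const demo_array *arr) {
    return arr->size < arr->arr_size && arr->array[arr->size] == NULL;
}

void demo_array_free(demo_array *arr) {
    if (!arr) return;
    for (int i = 0; i < arr->size; i++) free(arr->array[i]);
    free(arr->array);
    free(arr);
}

/* Scenario from the thread: fill 10 slots, remove index 3, check that the
   neighbours close the gap. Returns 0 on success, a nonzero step code otherwise. */
int demo_scenario(int use_posted_loop) {
    const char *words[10] = {"w0","w1","w2","w3","w4","w5","w6","w7","w8","w9"}; /* constructed */
    demo_array *arr = demo_array_new(4);
    if (!arr) return 1;
    for (int i = 0; i < 10; i++) {
        if (demo_array_add(arr, words[i]) != 0) { demo_array_free(arr); return 2; }
        if (!demo_array_has_spare_slot(arr))    { demo_array_free(arr); return 3; }
    }
    int rc = use_posted_loop ? demo_array_remove_as_posted(arr, 3) : demo_array_remove(arr, 3);
    if (rc != 0) { demo_array_free(arr); return 4; }
    int ok = arr->size == 9
          && strcmp(demo_array_get(arr, 3), "w4") == 0
          && strcmp(demo_array_get(arr, 8), "w9") == 0
          && demo_array_has_spare_slot(arr);
    demo_array_free(arr);
    return ok ? 0 : 5;
}

/* Edge cases: a 1-slot array grows before the first add; bad index is rejected. */
int demo_edge_cases(void) {
    demo_array *arr = demo_array_new(1);
    if (!arr) return 1;
    if (demo_array_add(arr, "only") != 0)            { demo_array_free(arr); return 2; }
    if (arr->size != 1 || arr->arr_size <= arr->size) { demo_array_free(arr); return 3; }
    if (demo_array_remove(arr, 5) != -1)             { demo_array_free(arr); return 4; }
    if (demo_array_remove(arr, 0) != 0 || arr->size != 0) { demo_array_free(arr); return 5; }
    demo_array_free(arr);
    return 0;
}

int main(void) {
    printf("posted loop: %d, bounded loop: %d, edge cases: %d\n",
           demo_scenario(1), demo_scenario(0), demo_edge_cases());
    return 0;
}
```

Running the scenario with both removal variants shows the same resulting contents; the difference is only in what each relies on. The posted loop is correct as long as every path that appends to the array preserves the spare-slot invariant, so a future add function that fills the last slot would silently turn it into an out-of-bounds read. The bounded loop holds on its own, which is the kind of robustness argument for changing it regardless of the false alarm.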
