[OPEN-ILS-DEV] PATCH: app_session.c (NULLs to snprintf)
Mike Rylander
mrylander at gmail.com
Wed Aug 1 22:54:33 EDT 2007
On 7/28/07, Scott McKellar <mck9 at swbell.net> wrote:
> In osrf_app_client_session_init() we use snprintf() to stitch three
> strings together into a remote_id. However there is no guarantee that
> the pointers to these three strings are not NULL. In that case we
> would invoke undefined behavior by passing NULLs to snprintf().
>
> With this patch, the NULLs will be represented explicitly as "(null)".
> That's what glibc appears to be doing anyway, so the patch preserves
> the current behavior.
Defining undefined behavior is good. Applied with thanks.
>
> --------------
>
> One of the three pointers is received as a parameter. The other two
> come from the configuration file. I wonder if there should be some
> additional validation, so that if any of these pointers is NULL, we
> issue an error message, free allocated resources, and return NULL.
> Likewise we might consider reporting an error if any of them points
> to an empty string.
>
I've extended osrf_app_client_session_init to defended against these
being null. I'm logging an error and returning NULL. Good catch on
those.
> Scott McKellar
> http://home.swbell.net/mck9/ct/
--
Mike Rylander
Equinox Software, Inc
miker at esilibrary.com
http://esilibrary.com/
More information about the Open-ils-dev
mailing list