[OPEN-ILS-DEV] PATCH: app_session.c (NULLs to snprintf)

Scott McKellar mck9 at swbell.net
Sat Jul 28 22:00:53 EDT 2007 

In osrf_app_client_session_init() we use snprintf() to stitch three
strings together into a remote_id.  However there is no guarantee that
the pointers to these three strings are not NULL.  In that case we 
would invoke undefined behavior by passing NULLs to snprintf().

With this patch, the NULLs will be represented explicitly as "(null)".
That's what glibc appears to be doing anyway, so the patch preserves 
the current behavior.

--------------

One of the three pointers is received as a parameter.  The other two
come from the configuration file.  I wonder if there should be some
additional validation, so that if any of these pointers is NULL, we
issue an error message, free allocated resources, and return NULL.
Likewise we might consider reporting an error if any of them points
to an empty string.

Scott McKellar
http://home.swbell.net/mck9/ct/

Developer's Certificate of Origin 1.1 By making a contribution to
this project, I certify that:

(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license indicated
in the file; or

(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source license
and I have the right under that license to submit that work with
modifications, whether created in whole or in part by me, under the
same open source license (unless I am permitted to submit under a
different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person
who certified (a), (b) or (c) and I have not modified it; and

(d) In the case of each of (a), (b), or (c), I understand and agree
that this project and the contribution are public and that a record
of the contribution (including all personal information I submit
with it, including my sign-off) is maintained indefinitely and may
be redistributed consistent with this project or the open source
license indicated in the file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: app_session_c_1.patch
Type: text/x-patch
Size: 867 bytes
Desc: 1260770220-app_session_c_1.patch
Url : http://list.georgialibraries.org/pipermail/open-ils-dev/attachments/20070728/557ae08d/app_session_c_1.bin

More information about the Open-ils-dev mailing list