[OPEN-ILS-DEV] PATCH: jsonObjectFindPath

Mike Rylander mrylander at gmail.com
Sun Mar 9 23:31:57 EDT 2008 

On Sun, Feb 17, 2008 at 8:01 PM, Scott McKellar <mck9 at swbell.net> wrote:
> These patches mostly concern the jsonObjectFindPath function in
>  osrf_json_tools.c, along with a couple of related functions.  They
>  plug some memory leaks and boost performance.

Applied.

[snip]

>  ---------
>
>  The use of strtok_r() in these functions creates a subtle potential
>  bug that doesn't apply to Evergreen but may apply to some other
>  arbitrary application.
>

I can't think of a reason why we wouldn't be open to an alternate
implementation.  My vote wold be for "backslash-escape a literal slash
in the search string if you use one in your object key."

--miker

>  In JSON, the name string of a name/value pair may contain any
>  character, though some characters must be escaped by preceding
>  backslashes.  In particular, a name may contain a forward slash.
>
>  The path functions will see such an embedded slash as a separator
>  between path nodes.  As a result they will fail to find the intended
>  path.  Granted, it would be perverse to include a slash in a name and
>  then try to find a path with it, but it is conceivable.
>
>  The solution -- if a solution is needed -- is to define some
>  convention to distinguish between embedded slashes and separator
>  slashes.  For example, we could decree that an embedded slash be
>  escaped by a preceding backslash.  However neither strtok nor its
>  safer sister strtok_r is smart enough to recognize that distinction.
>
>  Wnenever I have been tempted to use strtok(), I have invariably
>  backed off, because of some bug or other that would result.  The
>  main problem lies with the use of delimiter characters to separate
>  fields.  In most cases there are circumstances where the delimiter
>  character may be embedded in the data.  Various conventions may be
>  used to distinguish these occurrences -- doubling, backlashes, quote
>  marks, etc. -- but strtok() won't recognize them.
>
>  As a result I have never used strtok() or strtok_r() in my own code.
>  When I see them in somebody else's code, I look for a bug.  I usually
>  find one.
>
>  (Whoever wrote the man page for strtok on my system evidently agrees
>  with me, though possibly for different reasons.  The section on BUGS
>  starts out: "Never use these functions.")
>
>  Scott McKellar
>  http://home.swbell.net/mck9/ct/
>
>  Developer's Certificate of Origin 1.1 By making a contribution to
>  this project, I certify that:
>
>  (a) The contribution was created in whole or in part by me and I
>  have the right to submit it under the open source license indicated
>  in the file; or
>
>  (b) The contribution is based upon previous work that, to the best
>  of my knowledge, is covered under an appropriate open source license
>  and I have the right under that license to submit that work with
>  modifications, whether created in whole or in part by me, under the
>  same open source license (unless I am permitted to submit under a
>  different license), as indicated in the file; or
>
>  (c) The contribution was provided directly to me by some other person
>  who certified (a), (b) or (c) and I have not modified it; and
>
>  (d) In the case of each of (a), (b), or (c), I understand and agree
>  that this project and the contribution are public and that a record
>  of the contribution (including all personal information I submit
>  with it, including my sign-off) is maintained indefinitely and may
>  be redistributed consistent with this project or the open source
>  license indicated in the file.



-- 
Mike Rylander
 | VP, Research and Design
 | Equinox Software, Inc. / The Evergreen Experts
 | phone:  1-877-OPEN-ILS (673-6457)
 | email:  miker at esilibrary.com
 | web:  http://www.esilibrary.com

More information about the Open-ils-dev mailing list