Date: Mon, 26 Feb 2001 09:49:37 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Terry Lambert <tlambert@primenet.com>
Cc: ken@kdm.org (Kenneth D. Merry), arch@FreeBSD.ORG
Subject: Re: sbufs in userland
Message-ID: <200102261749.f1QHnbB33892@earth.backplane.com>
References: <200102261256.FAA16315@usr05.primenet.com>

:> char *
:> safe_replacef(char **pptr, const char *ctl, ...)
:> {
:>     va_list va;
:>     char *optr = *pptr;
:>
:>     if (ctl) {
:>         va_start(va, ctl);
:>         if (vasprintf(pptr, ctl, va) < 0)
:>             fatalmem();
:>         va_end(va);
:>     }
:>     safe_free(&optr);
:>     return(*pptr);
:> }
:
:So basically, why is there an "if (ctl)"?  Is it so you can pass
:a NULL as the second argument to turn it into a "safe_free" call?
:That's weird...
:
:
:					Terry Lambert
:					terry@lambert.org

    Yah, that's just a leftover from a NULL terminated looping construct
    I wanted to support.  I never wound up using the feature so I should
    probably remove it.

    I generally have two versions:

	safe_replace(&str, original)
	safe_replacef(&str, ctl, ...)

    I've found that, as the syslog security hole shows us, the base version
    of any string manipulation function should never be var-args or people
    will start using it with arguments as the second argument instead of ctl.

    I also constructed a poor-man's string-append routine, aka safe_append()
    and safe_appendf().  Obviously extremely inefficient if used to build
    large strings since I free/malloc or realloc on each call, but otherwise
    generally quite useful.  It utilizes the same idea of allowing the initial
    string to be NULL.  So:

	char *str = NULL;

	for (node = firstnode(); node; node = nextnode(node)) {
	    safe_appendf(&str, "%d\n", node->value);
	}
	...
	safe_free(&str);
	/* str could very well be NULL if the list was empty */

    All of these routines call fatalmem() (i.e. and exit) if the allocation
    fails, so all users of the routines can simply assume that they succeed.
    Which makes them a whole lot easier to use safely than the libc
    equivalents.

						-Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102261749.f1QHnbB33892>
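
Added example, not part of the original message and not Matt Dillon's code: one way the safe_append()/safe_appendf() pair described above could be written so that the base routine takes no format string and every allocation failure ends in fatalmem(). Only the function names come from the message; the bodies, the vformat() helper, and the use of vsnprintf() in place of the quoted vasprintf() are assumptions made here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation failure is fatal, so callers never have to check for NULL. */
static void fatalmem(void) { fputs("out of memory\n", stderr); exit(1); }

/* Free *pptr (which may already be NULL) and clear the caller's pointer. */
void safe_free(char **pptr) { free(*pptr); *pptr = NULL; }

/* Hypothetical helper: format into a fresh buffer (measure, then write). */
static char *vformat(const char *ctl, va_list va)
{
    va_list va2;
    va_copy(va2, va);
    int n = vsnprintf(NULL, 0, ctl, va2);
    va_end(va2);
    char *buf = (n < 0) ? NULL : malloc((size_t)n + 1);
    if (buf == NULL)
        fatalmem();
    vsnprintf(buf, (size_t)n + 1, ctl, va);
    return buf;
}

/* Base version: data is copied byte for byte and never parsed as a format.
 * *pptr may be NULL on entry; data must not point into *pptr. */
char *safe_append(char **pptr, const char *data)
{
    size_t olen = *pptr ? strlen(*pptr) : 0;
    size_t dlen = strlen(data);
    char *nptr = realloc(*pptr, olen + dlen + 1);
    if (nptr == NULL)
        fatalmem();
    memcpy(nptr + olen, data, dlen + 1);
    return (*pptr = nptr);
}

/* Format version: ctl is meant to be a literal written by the programmer. */
char *safe_appendf(char **pptr, const char *ctl, ...)
{
    va_list va;
    va_start(va, ctl);
    char *piece = vformat(ctl, va);
    va_end(va);
    safe_append(pptr, piece);
    safe_free(&piece);
    return *pptr;
}
```

Externally supplied text goes through safe_append(), where conversion specifiers in it are just bytes; safe_appendf() is reserved for a fixed ctl string.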