Date:      Mon, 26 Feb 2001 09:49:37 -0800 (PST)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Terry Lambert <tlambert@primenet.com>
Cc:        ken@kdm.org (Kenneth D. Merry), arch@FreeBSD.ORG
Subject:   Re: sbufs in userland
Message-ID:  <200102261749.f1QHnbB33892@earth.backplane.com>
References:   <200102261256.FAA16315@usr05.primenet.com>


:> char *
:> safe_replacef(char **pptr, const char *ctl, ...)
:> {
:>     va_list va;
:>     char *optr = *pptr;
:>         
:>     if (ctl) {
:>         va_start(va, ctl);
:>         if (vasprintf(pptr, ctl, va) < 0)
:>             fatalmem();
:>         va_end(va);
:>     } 
:>     safe_free(&optr);
:>     return(*pptr);
:> }
:
:So basically, why is there an "if (ctl)"?  Is it so you can pass
:a NULL as the second argument to turn it into a "safe_free" call?
:That's weird...
:
:
:					Terry Lambert
:					terry@lambert.org

    Yah, that's just a leftover from a NULL-terminated looping construct I
    wanted to support.  I never wound up using the feature so I should
    probably remove it.

    I generally have two versions:

	safe_replace(&str, original)
	safe_replacef(&str, ctl, ...)

    I've found that, as the syslog security hole shows us, the base version
    of any string manipulation function should never be var-args or people
    will start using it with arguments as the second argument instead of ctl.

    I also constructed a poor-man's string-append routine, aka safe_append()
    and safe_appendf().  Obviously extremely inefficient if used to build
    large strings since I free/malloc or realloc on each call, but otherwise
    generally quite useful.  It utilizes the same idea of allowing the
    initial string to be NULL.  So:

    char *str = NULL;
    for (node = firstnode(); node; node = nextnode(node)) {
	safe_appendf(&str, "%d\n", node->value);
    }
    ...
    safe_free(&str);	/* str could very well be NULL if the list was empty */

    All of these routines call fatalmem() (i.e. and exit) if the allocation
    fails, so all users of the routines can simply assume that they succeed.
    Which makes them a whole lot easier to use safely than the libc
    equivalents.

					-Matt
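A stand-alone version of the helper family described in this message, as an added example that is not Matt's code: the names follow the mail, but the bodies, the use of strdup()/realloc(), and the choice to build safe_appendf() on top of safe_append() are my own assumptions. It shows the point about the base versions: safe_replace() and safe_append() take data, so a caller can never turn an input string into a format string by mistake.

```c
#define _GNU_SOURCE /* glibc needs this for vasprintf; BSD/macOS do not */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Abort on allocation failure so callers never need to check results. */
static void fatalmem(void) { fputs("out of memory\n", stderr); exit(1); }
/* free(*pptr) if non-NULL and reset it, so a second call is harmless. */
void safe_free(char **pptr) { free(*pptr); *pptr = NULL; }

/* Base version: 'original' is data and is never parsed as a format. */
char *safe_replace(char **pptr, const char *original)
{
    char *optr = *pptr;          /* keep old value until the copy exists */
    if ((*pptr = strdup(original)) == NULL) fatalmem();
    safe_free(&optr);
    return *pptr;
}

/* Formatted variant: ctl must be a literal; *pptr may appear in the args. */
char *safe_replacef(char **pptr, const char *ctl, ...)
{
    va_list va; char *optr = *pptr;  /* old value stays valid for vasprintf */
    va_start(va, ctl);
    if (vasprintf(pptr, ctl, va) < 0) fatalmem();
    va_end(va);
    safe_free(&optr);
    return *pptr;
}

/* Append data; *pptr may start out NULL, as in the loop in the mail. */
char *safe_append(char **pptr, const char *s)
{
    size_t olen = *pptr ? strlen(*pptr) : 0, slen = strlen(s);
    char *n = realloc(*pptr, olen + slen + 1);
    if (n == NULL) fatalmem();
    memcpy(n + olen, s, slen + 1);   /* copies the terminating NUL too */
    return *pptr = n;
}

/* Formatted append built on the plain one; data never reaches vasprintf. */
char *safe_appendf(char **pptr, const char *ctl, ...)
{
    va_list va; char *tmp = NULL;
    va_start(va, ctl);
    if (vasprintf(&tmp, ctl, va) < 0) fatalmem();
    va_end(va);
    safe_append(pptr, tmp);
    safe_free(&tmp);
    return *pptr;
}
```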

