Re: [Nmh-workers] Starting the final call for features for 1.7

From: Ralph Corderoy
Subject: Re: [Nmh-workers] Starting the final call for features for 1.7
Date: Mon, 10 Oct 2016 16:09:20 +0100

Hi Oliver,

> https://sf.net/p/gar/code/HEAD/tree/csw/mgar/pkg/reprepro/trunk/files/0004-implement-missing-getline-function.patch
> Any good?

Sorry for not replying earlier.  I had a look.  It uses fgets(3) so has
to use strlen(3) to find out how much was read, but that fails for
"foo\0bar\n".  It leaks memory when realloc(3) fails because the old,
still allocated, value is trampled by the NULL.  And if it needs to
expand the buffer, it has fgets() write on the end of the first string
it returned by offsetting the pointer by haveRead, but says the buffer
is the entire realloc'd size, not accounting for the chunk that's
already used, so fgets could overflow the buffer.  It will return -1 if
the last line of the file doesn't have a terminating '\n', discarding
the line.  It's not checking the line doesn't grow too long so the
ssize_t return value can't represent it.   And the "single return" style
hums IMO, far too easy to miss out an `else' that should set up the
error return;  return ASAP so the reader has less to track as they read
on.  So no, not really any good.  :-)

I had a search.  I thought the small C libraries might have something,
but they can use stdio's internals.  So I had a go.  I'm sure there's a
public archive of autoconf tests and stand-ins that you're meant to copy
into your project, but I couldn't find it, and it might not be licence
compatible anyway.

Cheers, Ralph.
