striker 2002/07/13 14:34:36
Modified: memory/unix apr_pools.c
strings apr_snprintf.c
Log:
Remove a bogus fixup from apr_vformatter, which made sure a NUL byte could
fit in by flushing if the final character was at the exact end of the buffer
it was using. Take care of the case that the fixup was handling in
apr_psprintf,
by ensuring we can fit a NUL byte from the beginning. Implement this by
calling flush if we start with a 0 byte buffer (in which nothing can fit
anyway).
Secondly make sure that the flush function never tries to use a block
that has less than APR_PSPRINTF_MIN_STRINGSIZE bytes to spare.
Thanks to Nuutti Kotivuori <[EMAIL PROTECTED]> for pointing out the problem,
digging
around for answers and providing patches.
Revision Changes Path
1.182 +23 -0 apr/memory/unix/apr_pools.c
Index: apr_pools.c
===================================================================
RCS file: /home/cvs/apr/memory/unix/apr_pools.c,v
retrieving revision 1.181
retrieving revision 1.182
diff -u -r1.181 -r1.182
--- apr_pools.c 5 Jul 2002 00:24:23 -0000 1.181
+++ apr_pools.c 13 Jul 2002 21:34:36 -0000 1.182
@@ -903,6 +903,8 @@
apr_memnode_t *free;
};
+#define APR_PSPRINTF_MIN_STRINGSIZE 32
+
static int psprintf_flush(apr_vformatter_buff_t *vbuff)
{
struct psprintf_data *ps = (struct psprintf_data *)vbuff;
@@ -918,6 +920,14 @@
cur_len = strp - active->first_avail;
size = cur_len << 1;
+ /* Make sure that we don't try to use a block that has less
+ * than APR_PSPRINTF_MIN_STRINGSIZE bytes left in it. This
+ * also catches the case where size == 0, which would result
+ * in reusing a block that can't even hold the NUL byte.
+ */
+ if (size < APR_PSPRINTF_MIN_STRINGSIZE)
+ size = APR_PSPRINTF_MIN_STRINGSIZE;
+
node = active->next;
if (!ps->got_a_new_node && node->first_avail + size < node->endp) {
*node->ref = node->next;
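Review bot: The reuse test right after the new clamp, `node->first_avail + size < node->endp`, forms a pointer before comparing it, and with `size` now forced up to at least APR_PSPRINTF_MIN_STRINGSIZE that pointer can lie past the end of a nearly full node, which is undefined in C and can wrap for a large `size`. Comparing lengths avoids the out-of-range pointer: `if (!ps->got_a_new_node && size < (apr_size_t)(node->endp - node->first_avail)) {` (assuming `size` is an `apr_size_t`; its declaration is outside the hunk). `size = cur_len << 1` also has no overflow check, though whether a formatted string can grow that large is not visible here. psprintf_flush begins and ends outside this hunk.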
@@ -991,6 +1001,19 @@
ps.vbuff.endpos = ps.node->endp - 1;
ps.got_a_new_node = 0;
ps.free = NULL;
+
+ /* Make sure that the first node passed to apr_vformatter has at least
+ * room to hold the NUL terminator.
+ */
+ if (ps.node->first_avail == ps.node->endp) {
+ if (psprintf_flush(&ps.vbuff) == -1) {
+ if (pool->abort_fn) {
+ pool->abort_fn(APR_ENOMEM);
+ }
+
+ return NULL;
+ }
+ }
if (apr_vformatter(psprintf_flush, &ps.vbuff, fmt, ap) == -1) {
if (pool->abort_fn)
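Review bot: The comment above the new `if (ps.node->first_avail == ps.node->endp)` guard does not say why the caller now has to do this. The same commit removes the end-of-buffer flush from apr_vformatter (the apr_snprintf.c hunk), so curpos can come back equal to endpos, and the byte kept back by `endpos = endp - 1` is the only room left for the terminator. I would extend the comment to something like `/* apr_vformatter no longer flushes when it ends exactly at endpos; endpos = endp - 1 reserves the NUL byte, so a node with no free bytes must be replaced before formatting. */`. Any other caller that writes a terminator at curpos after apr_vformatter returns needs the same reservation; none are visible here, so that is worth checking, along with a regression test that formats into a pool whose active node is exactly full. The body of apr_psprintf continues outside the hunk.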
1.25 +1 -4 apr/strings/apr_snprintf.c
Index: apr_snprintf.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_snprintf.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- apr_snprintf.c 7 May 2002 05:20:55 -0000 1.24
+++ apr_snprintf.c 13 Jul 2002 21:34:36 -0000 1.25
@@ -1197,10 +1197,7 @@
fmt++;
}
vbuff->curpos = sp;
- if (sp >= bep) {
- if (flush_func(vbuff))
- return -1;
- }
+
return cc;
}