On Thu, Apr 18, 2024 at 1:16 PM Ruediger Pluem <rpl...@apache.org> wrote:
>
> On 4/18/24 12:37 AM, minf...@apache.org wrote:
> > Author: minfrin
> > Date: Wed Apr 17 22:37:07 2024
> > New Revision: 1917082
> >
> > URL: http://svn.apache.org/viewvc?rev=1917082&view=rev
> > Log:
> > apr_buffer: Add explicit casts on all potentially narrowing conversions
> > to apr_size_t. Define the maximum buffer size as APR_SIZE_MAX/2.
> >
> > Modified:
> >     apr/apr/trunk/buffer/apr_buffer.c
> >
> > Modified: apr/apr/trunk/buffer/apr_buffer.c
> > URL: 
> > http://svn.apache.org/viewvc/apr/apr/trunk/buffer/apr_buffer.c?rev=1917082&r1=1917081&r2=1917082&view=diff
> > ==============================================================================
> > --- apr/apr/trunk/buffer/apr_buffer.c (original)
> > +++ apr/apr/trunk/buffer/apr_buffer.c Wed Apr 17 22:37:07 2024
> > @@ -28,12 +28,13 @@
> >  #include "apr_strings.h"
> >  #include "apr_private.h"
> >
> > +#define APR_BUFFER_MAX APR_SIZE_MAX/2
>
> Why no longer APR_OFF_MAX?

Indeed at least APR_BUFFER_MAX and buf->size of should be of the same
signedness.

But let me plead again for a much simpler ->size of type apr_size_t,
checked against APR_BUFFER_MAX=APR_SIZE_MAX/2 wherever an apr_buffer_t
is initialized, using the high bit of ->size for string vs plain
buffer, and then getting rid of off_t/ssize_t plus all the fancy
signed arithmetics in the apr_buffer code (we don't care about the
sizeof(off_t) or anything like that anymore)..

Currently apr_buffer_str_make(mystring, strlen(mystring)) is UB, the
API is just broken IMHO.


Regards;
Yann.

Reply via email to