On Thu, 05 Jul 2012 19:33:18 +0200
Jim Meyering <[email protected]> wrote:
Thanks for the patch, but can you clarify?
> At first I thought there must be code to guarantee
> that a URI (resource->uri) has length > 0,
In principle it must be for an HTTP request to exist.
Have you found a testcase or code path in which it fails?
> but since I found
> similar guards against precisely that case, e.g.,
That could be because it's necessary, but it could also be
because the authors of those bits of code were over-cautious,
or because the code is old and extra tests were needed when
it was written. The mod_dav instance is a different URI.
> it seems best to guard the use below, too:
Indeed, if there is a code path that leaves null or empty
r->uri then fixing it is right.
> From 5609908643d8456c6f56197102161e56d87e56c4 Mon Sep 17 00:00:00 2001
Huh? Did you send a patch in 2001?
> uri = resource->uri;
> uri_len = strlen(uri);
> - if (uri[uri_len - 1] == '/') {
> + if (uri_len > 1 && uri[uri_len - 1] == '/') {
That fixes empty uri, but segfaults on null URI.
Makes sense if the first is possible but the second isn't.
--
Nick Kew
