Hi Florian, there has not been put any work into makeing xml2rrd handle 'invalid' input ... if this was to be done, switching to a xml library (and thus adding another dependency to the code would certainly be the right thing todo ...
if you are interested into looking at this your are most welcome ... before spending too much time on it though, make sure to post to the rrd-developers list with an outline of your plans to get some review ... cheers tobi Today Florian Forster wrote: > Hi everybody, > > I tripped over this bug in rrd_restore.c, function xml2rrd: > -- 8< -- > eat_tag(&ptr2, "params"); > skip(&ptr2); > -- >8 -- > This is problematic, because `eat_tag' sets `ptr2' to NULL if the tag > cannot be found, and `skip' dereferences `ptr2' without checking it > first. > > The attached patch makes `xml2rrd' honor the return value and makes > `skip' check it's arguments. I have checked the rest of the code only > very superficially, so there may be similar problems to the one outlined > above. To be quite honest, by the look of the code I'd be surprised if > there wasn't. > > Have you ever thought about using an XML-library to parse the input? (I > searched the archives but couldn't find anything appropriate.) I bet the > code would get a lot smaller and easier to maintain. Also it'd probably > be possible to get rid of the need to have the tags in a given order. > (That's what caused the segfault in the first place and bit me in the > leg just now..) > > Regards, > -octo > -- > Florian octo Forster > Hacker in training > GnuPG: 0x91523C3D > http://verplant.org/ > -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten http://it.oetiker.ch [EMAIL PROTECTED] ++41 62 213 9902 _______________________________________________ rrd-developers mailing list [email protected] https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers
