apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Sperling <s...@apache.org>
Subject Re: apr_token_* conclusions
Date Thu, 28 Jan 2016 07:15:23 GMT
On Wed, Jan 27, 2016 at 10:40:06PM -0600, William A Rowe Jr wrote:
> If you are new to the conversation, include/apr_cstr.h has absorbed much of
> the efforts of svn_cstring_* API's into apr_cstr_* functions.

I'm very happy to see our strtol()-wrappers in APR. These wrap the POSIX
functions with strict error checking. I hope this will encourage APR
consumers to routinely check for errors while parsing numbers rather than
trusting input. We did this for SVN and it caught a range of issues from
simple user input problems to detection of integer overflows caused by
repository on-disk corruption.

Note that we do have a special strtol() implementation for performance
critical paths in the repository filesystem code:

Some parts of the filesystem still use svn_cstring_strtoi64() instead
because they're either not performance critical or require specific
range checks.

View raw message