hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10389) Native RPCv9 client
Date Wed, 11 Jun 2014 17:35:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14028072#comment-14028072
] 

Colin Patrick McCabe commented on HADOOP-10389:
-----------------------------------------------

bq. I'm also seeing many calls to strcpy(), as well as calls to *printf() with non constant
format strings.

There's 10 calls to {{strcpy}} in the whole code base, which is 37 files now.  All of them
are in cases where we calculate the destination buffer size beforehand based on the source
string size, so there is no problem.

{{printf}} and similar functions are not a problem because we have {{__attribute__((format(printf)))}},
which warns about cases where the format string doesn't match the varargs.  And we only ever
use {{snprintf}}, {{vsnprintf}}, and the other functions which print into a buffer of a known
size.

bq. My question is that (1) whether the code contains no memory leak, no buffer overflow,
and no format string overflow? (2) whether the code always passes the function pointer with
the correct type? I'm perfectly happy to +1 your patches as long as you can show your code
is indeed free of these common defects.

The compiler checks whether function pointers are the correct type.  We have compile-time
checks that printf's arguments match its format string, we don't ever use non-constant format
strings, and we use the versions that take a maximum length .  I use {{valgrind}} to spot
memory leaks.

I think running static and dynamic analysis tools on the code is always a good idea.  Having
good unit tests coverage is also a good idea.  The native code will always have burdens that
Java doesn't have, because it is not garbage collected.  But I think with care, those burdens
can be managed in a client, just like we manage them in the existing libhdfs.

> Native RPCv9 client
> -------------------
>
>                 Key: HADOOP-10389
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10389
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: HADOOP-10388
>            Reporter: Binglin Chang
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-10388.001.patch, HADOOP-10389.002.patch, HADOOP-10389.004.patch,
HADOOP-10389.005.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message