httpd-dev mailing list archives

From Cliff Woolley <jwool...@virginia.edu>
Subject RE: I WANT A GA release
Date Fri, 05 Apr 2002 18:44:30 GMT

On Fri, 5 Apr 2002, Brad Nicholes wrote:

> I'm still seeing a problem with apr_tokenize_to_argv() that causes the
> parser to run off the end of the string.  I know this causes a fault on
> NetWare, but since I don't understand this code completely and the
> comments about allowing for a NULL argument are confusing, I was hoping
> someone would confirm or deny the problem.

Confirmed (by inspection).  You're quite right... we've just been getting
lucky.

This appears semantically correct to me, though I haven't tested it:

Index: apr_cpystrn.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_cpystrn.c,v
retrieving revision 1.10
diff -u -d -r1.10 apr_cpystrn.c
--- apr_cpystrn.c       13 Mar 2002 20:39:26 -0000      1.10
+++ apr_cpystrn.c       5 Apr 2002 18:41:19 -0000
@@ -168,10 +168,9 @@
      * Must account for the trailing NULL arg.
      */
     numargs = 1;
-    while (*ct != '\0') {
+    for (; *ct != '\0'; ct++) {
         CHECK_QUOTATION(ct, isquoted);
         DETERMINE_NEXTSTRING(ct, isquoted);
-        ct++;
         numargs++;
         SKIP_WHITESPACE(ct);
     }
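
Review bot: the `ct++` in the for-increment still runs unconditionally before `*ct != '\0'` is re-tested, so if DETERMINE_NEXTSTRING(ct, isquoted) or SKIP_WHITESPACE(ct) leaves ct on the terminating '\0', the pointer steps past the terminator and the next test reads beyond the string, which is the overrun being reported. Because the increment now runs after SKIP_WHITESPACE(ct) rather than before it, when SKIP_WHITESPACE stops on the first character of the next argument that character is consumed before CHECK_QUOTATION sees it, so an opening quote can be missed and a final one-character argument is never counted in numargs. Suggest keeping the increment in its original position after DETERMINE_NEXTSTRING and guarding it, for example `if (*ct != '\0') ct++;`, then testing with input that ends in an unquoted token, input that ends in a closing quote, and input with trailing whitespace.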

The only semantic difference is that if DETERMINE_NEXTSTRING lands on a "
then the ct++ from before would skip over it and SKIP_WHITESPACE would
proceed to skip whitespace _inside_ the quote.  Then back to the top of
the loop, and CHECK_QUOTATION would never have seen the " to set isquoted
to 1.  But as far as I can tell, that's also a bug, and using the for loop
fixes that as well.

Brad, can you test this for me (since I don't have a good test case)?

Thanks,
Cliff


--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


