Sorry, I went to bugzilla before reading all the e-mails here. As I
commented on the bug report, there is nothing fishy going on.
While strlen(NULL) will always segfault, htcpBuildCountstr() wraps the
strlen() call with a check for a NULL pointer:
    if (s)
        len = strlen(s);
    else
        len = 0;
We could certainly add code to initialize req_hdrs to an empty string,
but with code like this, I'm suspicious that other function calls are
passing null pointers as well and the check won't be able to be removed
easily.
--Jason
Henrik Nordstrom wrote:
> On Fri 2009-10-02 at 02:52 -0400, Matt W. Benjamin wrote:
>
>> Bzero? Is it an already-allocated array/byte sequence? (Apologies, I haven't seen the code.) Assignment to NULL/0 is in fact correct for initializing a sole pointer, and using bzero for that certainly isn't typical. Also, for initializing a byte range, memset is preferred [see Linux BZERO(3), which refers to POSIX.1-2008 on that point].
>>
>> STYLE(9) says use NULL rather than 0, and it is clearer. But C/C++ programmers should know that NULL is 0. And note that at least through 1998, initialization to 0 was the preferred style in C++, IIRC.
>>
>
> You are both right.
>
> the whole stuff should be zeroed before filled in to avoid accidental
> leakage of "random" values from the stack, which also makes the explicit
> assignment redundant.
>
> bzero is not the right call (BSD specific), memset is preferred.
>
> In C (which is what Squid-2 is written in) NULL is the right initializer
> for pointers in all contexts.
>
> C++ is different... no universally accepted pointer initializer value
> there due to the slightly different type checks on pointers, often
> needing casting.
>
> But something is fishy here.. see my comment in bugzilla.
>
> Regards
> Henrik
>
>
Received on Fri Oct 02 2009 - 15:57:09 MDT
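
An added example, not part of the thread and not Squid's code: it combines the two points discussed above, zeroing the whole record with memset before filling it in and guarding strlen() against NULL. The struct layout, the function names build_countstr and encode_request, and the 2-byte big-endian length prefix are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request record; only the name req_hdrs comes from the thread. */
struct req_specifier {
    const char *method;
    const char *uri;
    const char *req_hdrs;
};

/*
 * Write s as a 16-bit big-endian length followed by its bytes.
 * A NULL s is encoded as an empty string, like the guard quoted in the mail.
 * Returns bytes written, or -1 if buf is too small or s is too long.
 */
long build_countstr(unsigned char *buf, size_t buflen, const char *s)
{
    size_t len = s ? strlen(s) : 0;

    if (len > UINT16_MAX || buflen < len + 2)
        return -1;
    buf[0] = (unsigned char)(len >> 8);
    buf[1] = (unsigned char)(len & 0xff);
    if (len)
        memcpy(buf + 2, s, len);
    return (long)(len + 2);
}

/* Zero the whole record first, then fill in only what the caller supplied. */
long encode_request(unsigned char *buf, size_t buflen,
                    const char *method, const char *uri)
{
    struct req_specifier spec;
    long n, off = 0;

    /* Assumes all-bits-zero is a null pointer, true on mainstream ABIs. */
    memset(&spec, 0, sizeof(spec));
    spec.method = method;
    spec.uri = uri;
    /* spec.req_hdrs is never assigned: it is NULL here, not stack garbage. */

    const char *fields[] = { spec.method, spec.uri, spec.req_hdrs };
    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
        n = build_countstr(buf + off, buflen - (size_t)off, fields[i]);
        if (n < 0)
            return -1;
        off += n;
    }
    return off;
}
```

Without the memset, req_hdrs would hold whatever was on the stack, and the NULL check in build_countstr would not catch it.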