[jira] [Commented] (DISPATCH-1566) safe_snpritf is not safe.

Tue, 11 Feb 2020 10:01:32 -0800 


    [ 
https://issues.apache.org/jira/browse/DISPATCH-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17034668#comment-17034668
 ] 

ASF GitHub Bot commented on DISPATCH-1566:
------------------------------------------

nicob87 commented on pull request #679: DISPATCH-1566: fix safe_snptrintf
URL: https://github.com/apache/qpid-dispatch/pull/679
 
 
   As it is explained in 
[DISPATCH-1566](https://issues.apache.org/jira/browse/DISPATCH-1566):
   "This function fails for size = 0, and ... inside it calls vsnprintf, 
without considering that in case of error vsnprintf returns a negative number."
   
   So after fix we can expect this behaviour:
   - (size = 0) -> safe_snprintf returns 0, and does nothing. 
   - (size > INT_MAX) -> safe_snprintf returns 0, and does nothing. Since inner 
vsnprintf function returns int, it has no sense (and it may produce an error) 
to accept size > INT_MAX.
   - (inner vsnprintf return value > (size -1)) -> safe_snprintf returns 
(size-1) -> which is the max possible value.
   - (inner vsnprintf returns negative number) -> safe_snprintf returns 0. 
there was a parsing error.
   - (inner vsnprintf return value >= 0 and < (size-1)) -> safe_snprintf 
returns vsnprintf.
   
   This behaviour has been unit-tested but those changes will be included in 
other pr that is blocked by: 
   [DISPATCH-1568](https://issues.apache.org/jira/browse/DISPATCH-1568)
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> safe_snpritf is not safe.
> -------------------------
>
>                 Key: DISPATCH-1566
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1566
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Router Node
>    Affects Versions: 1.10.0
>            Reporter: Nicolas
>            Priority: Major
>             Fix For: 1.11.0
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> {{/* **************************************** */}}
> {{static inline int safe_snprintf(char *str, size_t size, const char *format, 
> ...)}}
> {{{ .... }}{{}}}
> This function fails for size = 0, and ... inside it calls vsnprintf, without 
> considering that in case of error vsnprintf returns a negative number.
> PR in progress.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to