Re: [xml] A long URL causes SEGV

[Mark Itzcovitz <mark itzcovitz ntlworld com>]

> -----Original Message-----
> From: Igor Zlatkovic [mailto:igor zlatkovic com] 
> Sent: 09 February 2004 14:23
> To: Yuuichi Teranishi
> Cc: xml gnome org
> Subject: Re: [xml] A long URL causes SEGV
>
> Yuuichi Teranishi wrote:
>
> > Thanks for your quick response...But it still crushes!
> > More strict checking seems to be required.
>
> Okay, my mistake. Didn't look good enough. The patch attached to this 
> mail solves the issue.
>
> However, I have a question for everyone. Look at this code from nanohttp.c:
>
>    while ((*cur != 0) && (indx < 4096)) {
>      if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
>        /* some processing here */
>      }
>      buf[indx++] = *cur++;
>    }
>
> At any given point cur[1] can be the terminating zero and cur[2] not a 
> part of the memory block. An access to cur[2] would then mean accessing 
> an unknown territory.
>
> That however doesn't happen. The C compiler, when doing a (...) && (...) 
> && (...), won't evaluate further parentheses after it encounters the 
> first one that evaluates to false. In our example, test for cur[1] is 
> false and an access to cur[2] doesn't happen.
>
> Question: Who can guarantee that all compilers really behave this way? 
> Is there anything in the C spec that forces the compiler to evaluate 
> these parentheses in exactly this manner?
>
> Ciao,
> Igor

Kernighan & Ritchie (original edition) says:

"Expressions connected by && or || are evaluated left to right, and evaluation stops as soon as the truth or 
falsehood of the result is known."

Mark Itzcovitz

-----------------------------------------
Email provided by http://www.ntlhome.com/