Re: [xml] A long URL causes SEGV
- From: Mark Itzcovitz <mark itzcovitz ntlworld com>
- To: xml gnome org
- Subject: Re: [xml] A long URL causes SEGV
- Date: Mon, 9 Feb 2004 14:37:37 +0000
-----Original Message-----
From: Igor Zlatkovic [mailto:igor zlatkovic com]
Sent: 09 February 2004 14:23
To: Yuuichi Teranishi
Cc: xml gnome org
Subject: Re: [xml] A long URL causes SEGV
Yuuichi Teranishi wrote:
Thanks for your quick response...But it still crushes!
More strict checking seems to be required.
Okay, my mistake. Didn't look good enough. The patch attached to this
mail solves the issue.
However, I have a question for everyone. Look at this code from nanohttp.c:
while ((*cur != 0) && (indx < 4096)) {
if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
/* some processing here */
}
buf[indx++] = *cur++;
}
At any given point cur[1] can be the terminating zero and cur[2] not a
part of the memory block. An access to cur[2] would then mean accessing
an unknown territory.
That however doesn't happen. The C compiler, when doing a (...) && (...)
&& (...), won't evaluate further parentheses after it encounters the
first one that evaluates to false. In our example, test for cur[1] is
false and an access to cur[2] doesn't happen.
Question: Who can guarantee that all compilers really behave this way?
Is there anything in the C spec that forces the compiler to evaluate
these parentheses in exactly this manner?
Ciao,
Igor
Kernighan & Ritchie (original edition) says:
"Expressions connected by && or || are evaluated left to right, and evaluation stops as soon as the truth or
falsehood of the result is known."
Mark Itzcovitz
-----------------------------------------
Email provided by http://www.ntlhome.com/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]