Re: [xml] A long URL causes SEGV

-----Original Message-----
From: Igor Zlatkovic [mailto:igor zlatkovic com] 
Sent: 09 February 2004 14:23
To: Yuuichi Teranishi
Cc: xml gnome org
Subject: Re: [xml] A long URL causes SEGV

Yuuichi Teranishi wrote:

Thanks for your quick response... But it still crashes!
More strict checking seems to be required.

Okay, my mistake. Didn't look good enough. The patch attached to this 
mail solves the issue.

However, I have a question for everyone. Look at this code from nanohttp.c:

   while ((*cur != 0) && (indx < 4096)) {
     if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
       /* some processing here */
     }
     buf[indx++] = *cur++;
   }

At any given point cur[1] can be the terminating zero and cur[2] not a 
part of the memory block. An access to cur[2] would then mean accessing 
an unknown territory.

That however doesn't happen. The C compiler, when doing a (...) && (...) 
&& (...), won't evaluate further parentheses after it encounters the 
first one that evaluates to false. In our example, test for cur[1] is 
false and an access to cur[2] doesn't happen.

Question: Who can guarantee that all compilers really behave this way? 
Is there anything in the C spec that forces the compiler to evaluate 
these parentheses in exactly this manner?


Kernighan & Ritchie (original edition) says:

"Expressions connected by && or || are evaluated left to right, and evaluation stops as soon as the truth or 
falsehood of the result is known."

Mark Itzcovitz
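
Added example, not part of the original thread and not code from nanohttp.c: the guarantee asked about is in the C standard itself (C99 6.5.13: if the first operand of && compares equal to 0, the second operand is not evaluated). The sketch below scans for "://" the same way and records the highest index it reads, so the short-circuit can be observed on inputs that end inside the separator. The names split_scheme, at and last_index_read, and the sample strings, are hypothetical.

```c
#include <stdio.h>
#include <string.h>

static size_t max_read;                 /* highest input index read so far */

static char at(const char *s, size_t i) /* instrumented s[i] */
{
    if (i > max_read) max_read = i;
    return s[i];
}

size_t last_index_read(void) { return max_read; }

/* Copy the text before "://" into out (capacity cap, always terminated).
 * Returns the scheme length, or -1 if there is no "://" within cap-1 bytes. */
int split_scheme(const char *url, char *out, size_t cap)
{
    size_t i = 0;
    max_read = 0;
    if (cap == 0) return -1;
    while (at(url, i) != 0 && i < cap - 1) {
        /* 2nd and 3rd operands run only if the ones to their left are true */
        if (at(url, i) == ':' && at(url, i + 1) == '/' && at(url, i + 2) == '/') {
            out[i] = '\0';
            return (int)i;
        }
        out[i] = at(url, i);
        i++;
    }
    out[0] = '\0';                      /* no scheme found: return empty */
    return -1;
}

int main(void)
{
    /* Constructed inputs: a normal URL and two that end inside "://". */
    const char *samples[] = { "http://example.org/", "http:", "a:/" };
    char scheme[16];
    for (size_t k = 0; k < 3; k++) {
        int n = split_scheme(samples[k], scheme, sizeof scheme);
        printf("%-22s scheme=%d last index read=%zu (strlen=%zu)\n",
               samples[k], n, last_index_read(), strlen(samples[k]));
    }
    return 0;
}
```

For every input the last index read never exceeds strlen, i.e. the terminating zero is the furthest byte touched, and the cap check keeps an over-long URL from writing past the output buffer.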
