Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

You should pull this one instead of gtmanfred's #51

Closed
wants to merge 4 commits into from

4 participants

Evan Callicoat Simon Gomizelj Dave Reisner Daniel Wallace
Evan Callicoat

Because it's his PR but with less fail and moar win :D

gtmanfred and others added some commits
Daniel Wallace gtmanfred don't hardcode the buffer for escaped urls 030b841
Evan Callicoat Apsu Fixed that for you
* Pulled the malloc fail check up for moar faster fails
* Avoided the string duplication
* Avoided the memory leak with not freeing the pre-dup buf
3cdc94c
Dave Reisner
Owner

This is silly. I'll let you figure out why.

Lulz. Empty string segfault gogo!

Actually, I was thinking that the string is already zero terminated, and in the right place. buf[strlen(buf)-1] can't possibly be anything but a 0 byte.

It is already zero-terminated but it will have a delim at the end, whatever the delimiter happens to be, presumably "/" for URLs. Looks to me like your code was aiming to toss that, and I suspect that's correct. As for buf[strlen(buf)-1], if buf doesn't get strcat'd, it will be buf[-1] which tries to access the preceding byte. That's sure to be a no-good for this heap-allocated buffer.

cower.c
@@ -2324,7 +2324,12 @@ void *thread_pool(void *arg) /* {{{ */
static char *url_escape(char *in, int len, const char *delim) /* {{{ */
{
char *tok, *escaped;
- char buf[128] = { 0 };
+ char *buf;
+ if((buf = malloc(strlen(in) * 3)) == NULL) {
Simon Gomizelj
vodik added a note

Shouldn't this be strlen(in) * 3 + 1? Worst possible case there still needs to be room for the \0.

Evan Callicoat
Apsu added a note

Was considering that, actually. Makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Dave Reisner falconindy closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 7, 2013
  1. Daniel Wallace
Commits on Mar 8, 2013
  1. Evan Callicoat

    Fixed that for you

    Apsu authored
    * Pulled the malloc fail check up for moar faster fails
    * Avoided the string duplication
    * Avoided the memory leak with not freeing the pre-dup buf
  2. Evan Callicoat

    Fix a silly oversight

    Apsu authored
  3. Evan Callicoat

    Off by one is fun!

    Apsu authored
This page is out of date. Refresh to see the latest.
Showing with 10 additions and 2 deletions.
  1. +10 −2 cower.c
12 cower.c
View
@@ -2324,7 +2324,12 @@ void *thread_pool(void *arg) /* {{{ */
static char *url_escape(char *in, int len, const char *delim) /* {{{ */
{
char *tok, *escaped;
- char buf[128] = { 0 };
+ char *buf;
+ if((buf = malloc(strlen(in) * 3 + 1)) == NULL) {
+ return NULL;
+ } else {
+ *buf = 0;
+ }
if(!delim) {
return curl_easy_escape(NULL, in, len);
@@ -2337,7 +2342,10 @@ static char *url_escape(char *in, int len, const char *delim) /* {{{ */
strcat(buf, delim);
}
- return strndup(buf, strlen(buf) - 1);
+ if((len = strlen(buf)) > 0) {
+ buf[len-1] = 0;
+ }
+ return buf;
} /* }}} */
void usage(void) /* {{{ */
Something went wrong with that request. Please try again.