From owner-freebsd-arch Mon Feb 26 9:49:41 2001
Date: Mon, 26 Feb 2001 09:49:37 -0800 (PST)
From: Matt Dillon
Message-Id: <200102261749.f1QHnbB33892@earth.backplane.com>
To: Terry Lambert
Cc: ken@kdm.org (Kenneth D. Merry), arch@FreeBSD.ORG
Subject: Re: sbufs in userland
References: <200102261256.FAA16315@usr05.primenet.com>

:>  char *
:>  safe_replacef(char **pptr, const char *ctl, ...)
:>  {
:>      va_list va;
:>      char *optr = *pptr;
:>
:>      if (ctl) {
:>          va_start(va, ctl);
:>          if (vasprintf(pptr, ctl, va) < 0)
:>              fatalmem();
:>          va_end(va);
:>      }
:>      safe_free(&optr);
:>      return(*pptr);
:>  }
:
:So basically, why is there an "if (ctl)"? Is it so you can pass
:a NULL as the second argument to turn it into a "safe_free" call?
:That's weird...
:
:
:                    Terry Lambert
:                    terry@lambert.org

    Yah, that's just a leftover from a NULL-terminated looping construct
    I wanted to support. I never wound up using the feature so I should
    probably remove it.

    I generally have two versions:

        safe_replace(&str, original)
        safe_replacef(&str, ctl, ...)

    I've found that, as the syslog security hole shows us, the base
    version of any string manipulation function should never be var-args
    or people will start using it with arguments as the second argument
    instead of ctl.

    I also constructed a poor man's string-append routine, aka
    safe_append() and safe_appendf(). Obviously extremely inefficient if
    used to build large strings since I free/malloc or realloc on each
    call, but otherwise generally quite useful. It utilizes the same idea
    of allowing the initial string to be NULL. So:

        char *str = NULL;

        for (node = firstnode(); node; node = nextnode(node)) {
            safe_appendf(&str, "%d\n", node->value);
        }
        ...
        safe_free(&str);    /* str could very well be NULL if the list was empty */

    All of these routines call fatalmem() (i.e. and exit) if the
    allocation fails, so all users of the routines can simply assume
    that they succeed. Which makes them a whole lot easier to use safely
    than the libc equivalents.

                        -Matt
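The append routines Matt describes, written out as an added example (not his code and not part of the FreeBSD tree): a non-varargs base safe_append() that copies its argument literally, a safe_appendf() layered on top of it, both accepting a NULL starting string, and a fatalmem() that exits on failure so callers never check. safe_free(), fatalmem() and the join_values() driver are this example's own assumptions; the list-walking loop from the post is replaced by a constructed integer array.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exit on allocation or formatting failure so callers never need to check. */
static void fatalmem(void)
{
    fprintf(stderr, "fatal: allocation or formatting failed\n");
    exit(1);
}

/* free() tolerates NULL, so a never-appended string is still safe here. */
void safe_free(char **pptr)
{
    free(*pptr);
    *pptr = NULL;
}

/* Base version: takes a plain string, never a format, so a '%' in the
 * argument can never be interpreted as a conversion. */
char *safe_append(char **pptr, const char *str)
{
    size_t olen = *pptr ? strlen(*pptr) : 0;
    size_t slen = strlen(str);
    char *nptr = realloc(*pptr, olen + slen + 1);   /* realloc(NULL, n) == malloc(n) */
    if (nptr == NULL)
        fatalmem();
    memcpy(nptr + olen, str, slen + 1);             /* copies the NUL too */
    *pptr = nptr;
    return *pptr;
}

/* Formatted variant: measure with vsnprintf, format into a temporary,
 * then hand it to the base routine. Portable C99, no vasprintf needed. */
char *safe_appendf(char **pptr, const char *ctl, ...)
{
    va_list va, va2;
    char *tmp;
    int len;

    va_start(va, ctl);
    va_copy(va2, va);
    len = vsnprintf(NULL, 0, ctl, va);
    va_end(va);
    if (len < 0 || (tmp = malloc((size_t)len + 1)) == NULL)
        fatalmem();
    vsnprintf(tmp, (size_t)len + 1, ctl, va2);
    va_end(va2);
    safe_append(pptr, tmp);
    free(tmp);
    return *pptr;
}

/* Constructed driver: build "v\n" per value starting from NULL;
 * returns NULL for an empty input, exactly the case the post notes. */
char *join_values(const int *vals, int n)
{
    char *str = NULL;
    for (int i = 0; i < n; i++)
        safe_appendf(&str, "%d\n", vals[i]);
    return str;
}
```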