[patch #1599] [Patch #1599] store_typed_open border conditions
From: noreply
Subject: [patch #1599] [Patch #1599] store_typed_open border conditions
Date: Fri, 01 Aug 2003 06:47:26 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686) Gecko/20030714 Galeon/1.3.5 Debian/1.3.5.20030714-2
Patch #1599 has been updated.
Project:
Category: libstore
Status: Open
Summary: store_typed_open border conditions
Follow-Ups:
Date: Thu 07/31/2003 at 23:17
By: marcus
Comment:
This patch is definitely wrong. The code should do the following:
  FOO:BAR - Open the class FOO with parameter BAR
  FOO:    - Open the class FOO with no parameter
  :BAR    - Open the file BAR (with store_open)
  BAZ     - Try to find a class BAZ, and open that with no parameter, but if class is not found, open file BAZ with store_open.

Look at the code:

  const char *clname_end = strchrnul (name, ':');

  if (clname_end == name)
    /* Open NAME with store_open. */
    return store_open (name + 1, flags, classes, store);

This covers the ":BAR" case. You make the code look in that case for a class
"". Then come all the other cases, which (potentially) start with a class
name. So we search for classes, either in the statically linked list, or by
dynamically loading a library with that class.
Only if that fails, and there is no ':', then we know we have a BAZ case where
BAZ is not a class, but a file. Then open the file.
I think the only bug here is that the dynamic loading mechanism segfaults,
which you probably have fixed with your linker change. So I am closing this.
If I overlooked something, we can reopen it.
-------------------------------------------------------
Date: Fri 08/01/2003 at 10:29
By: ogi
Comment:
OK, next time I'll read the comment right before the function ;-)

I've found two new possible problems with the function. A new patch is
uploaded that addresses them. Unfortunately, to completely test the patch,
a patched libc is required.

When NAME is an empty string, clname_end is equal to name. The first "if" thinks
that the string begins with ':' and it will call store_open with name+1, which
can possibly lead to SEGV and other undesirable behavior.

store_module_open exits immediately with EINVAL if it doesn't find ':'. This
means that if you pass a file name without ':' and the weak symbol store_module_open
points to something, then the function will return with EINVAL instead of
calling store_open.
-------------------------------------------------------
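Added example, not part of any comment in this thread and not libstore code: a stand-alone C sketch of the name dispatch discussed above, with the empty-NAME check placed before the leading-colon test and the file fallback kept for a name without ':'. The names plan_typed_open, open_plan and class_known are hypothetical, only class "FOO" is treated as existing, "no parameter" is represented as NULL, and returning EINVAL for an unknown class followed by ':' is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical types for this example; not libstore's own. */
enum open_kind { OPEN_FILE, OPEN_CLASS };
struct open_plan {
  enum open_kind kind;
  const char *arg;     /* file name, or class parameter (NULL if none) */
  size_t clname_len;   /* length of the class name at the start of NAME */
};

/* Constructed stand-in for the class search: only "FOO" exists. */
static int class_known (const char *clname, size_t len)
{
  return len == 3 && strncmp (clname, "FOO", len) == 0;
}

/* Decide how NAME is to be opened; returns 0 or an errno value. */
int plan_typed_open (const char *name, struct open_plan *plan)
{
  const char *clname_end;
  size_t len;

  if (name == NULL || *name == '\0')
    return EINVAL;                 /* empty NAME: never touch name + 1 */

  clname_end = strchr (name, ':');
  if (clname_end == NULL)
    clname_end = name + strlen (name);   /* what strchrnul would return */
  len = (size_t) (clname_end - name);

  plan->kind = OPEN_FILE;
  plan->clname_len = 0;
  if (len == 0)                    /* ":BAR": a real leading colon */
    plan->arg = name + 1;
  else if (class_known (name, len))
    {                              /* "FOO:BAR", "FOO:" or bare "FOO" */
      plan->kind = OPEN_CLASS;
      plan->clname_len = len;
      plan->arg = (*clname_end && clname_end[1]) ? clname_end + 1 : NULL;
    }
  else if (*clname_end == ':')
    return EINVAL;                 /* assumed: unknown class before ':' */
  else
    plan->arg = name;              /* "BAZ": no class found, no ':' -> file */
  return 0;
}
```

-------------------------------------------------------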
Date: Fri 08/01/2003 at 12:47
By: marcus
Comment:
It doesn't make sense to do anything if NAME is empty, so just
fail with EINVAL right at the beginning if *NAME is