[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] patch for evhttp_htmlescape() in http.c

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] patch for evhttp_htmlescape() in http.c
From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
Date: Mon, 23 May 2011 18:20:44 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Mon, 23 May 2011 18:21:11 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=VSGc7aabM2sMJAO0eFbhYHYzOTBJyXek6GYddmI00NU=; b=M2DHdl9XggWbnMJatCUBS//4oE18NxzKOStM8Py5MrkCzsa+SVS33rnLxvMuM8z0lR uaq3xgX7rF/wyNm+UhnEvblmrDP22dUFQ/a8PlQtVayJdCFEr7kh1jS3j2pmr8G+hklz kQQhQsZmXVPfP968ly2aULQqBhOQmzkTPS0Mg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=fIjs2dxR6lVUk1IXgA2e2fPuVVQPPUpaonNNVYthDcRVOHKSsWVJqnvbxpWXz/YtNz jeRuV/b5AwJitH5Er3hK/gVYGVTYFtD4ZeykSUoIbXLTajK1dMdYhNDtOrHLOEDdwLmk cPoyKehSiwL7Qzl3z/LmADYxjGAbmoBtBbGqU=
In-reply-to: <BANLkTikxtrCcq3UbEwmf=EtQeVne8BNWbw@xxxxxxxxxxxxxx>
References: <BANLkTiniRmG1L2bkU+D4Ag1z8Yr6drbMYA@xxxxxxxxxxxxxx> <BANLkTikxtrCcq3UbEwmf=EtQeVne8BNWbw@xxxxxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

On Mon, May 23, 2011 at 6:07 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> On Mon, May 23, 2011 at 5:54 PM, Mansour Moufid <mansourmoufid@xxxxxxxxx> wrote:
>> A couple changes in the file `http.c'.
>>
>> Removed the `scratch_space' variable from the `evhttp_htmlescape'
>> function since it wasn't actually used; also removed the `buf'
>> variable from the `evhttp_htmlescape' function since it was only used
>> by `scratch_space'.
>>
>> Modified the `html_replace' function so that it returns the length of
>> the replacement string instead of the string itself. This is used to
>> easily check for overflows of the `new_size' variable in the first for
>> loop of the `evhttp_htmlescape' function, and thus potential out of
>> bounds writes in the second for loop (if an overflow occurs in
>> new_size, then new_size < old_size). Also check that new_size + 1
>> doesn't overflow in mm_malloc(new_size + 1).
>
> I like it, except for all the 'if (escaped != NULL)' checks:
> assignments are much cheaper than branches, so let's just always pass
> in a pointer for "escaped".
>
> Alternative patch attached: looks ok?

Looks great to me!
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] patch for evhttp_htmlescape() in http.c
  - From: Nick Mathewson

References:
- [Libevent-users] patch for evhttp_htmlescape() in http.c
  - From: Mansour Moufid
- Re: [Libevent-users] patch for evhttp_htmlescape() in http.c
  - From: Nick Mathewson

Prev by Author: [Libevent-users] patch for evhttp_htmlescape() in http.c
Next by Author: [Libevent-users] some trivial patches
Previous by thread: Re: [Libevent-users] patch for evhttp_htmlescape() in http.c
Next by thread: Re: [Libevent-users] patch for evhttp_htmlescape() in http.c
Index(es):
- Author
- Thread