[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] patch for evhttp_htmlescape() in http.c



On Mon, May 23, 2011 at 6:07 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> On Mon, May 23, 2011 at 5:54 PM, Mansour Moufid <mansourmoufid@xxxxxxxxx> wrote:
>> A couple changes in the file `http.c'.
>>
>> Removed the `scratch_space' variable from the `evhttp_htmlescape'
>> function since it wasn't actually used; also removed the `buf'
>> variable from the `evhttp_htmlescape' function since it was only used
>> by `scratch_space'.
>>
>> Modified the `html_replace' function so that it returns the length of
>> the replacement string instead of the string itself. This is used to
>> easily check for overflows of the `new_size' variable in the first for
>> loop of the `evhttp_htmlescape' function, and thus potential out of
>> bounds writes in the second for loop (if an overflow occurs in
>> new_size, then new_size < old_size). Also check that new_size + 1
>> doesn't overflow in mm_malloc(new_size + 1).
>
> I like it, except for all the 'if (escaped != NULL)' checks:
> assignments are much cheaper than branches, so let's just always pass
> in a pointer for "escaped".
>
> Alternative patch attached: looks ok?

Looks great to me!
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.