[Modcplusplus-devel] Fix unportable and unsafe code.
Brought to you by:
gr84b8,
johnksterling
Menu
▾
▴
[Modcplusplus-devel] Fix unportable and unsafe code.
|
From: Jonathan W. <co...@co...> - 2005-07-31 11:41:34
|
Hi, This patch against the latest CVS version corrects a few things I found that look wrong or dangerous. Firstly, in src/apache_handler.cpp if any handler thows an exception then the object pointed to be pRequest will not be destroyed, resulting in a memory (and possibly other resource) leak. This can be avoided by using std::auto_ptr to ensure the object is destroyed. Alternatively, couldn't the object be created on the stack instead of on the heap? Secondly, in src/env_value.cpp env_value::operator[] is defined to take a (signed) int, but vector::operator[] takes unsigned. If a negative value is passed to the function then it results in undefined behaviour. The parameter should be unsigned, or to avoid an interface change it should be converted to unsigned before use. Thirdly, example/input_filter/test_input.cpp uses a printf format specifier of %d to print a variable of type apr_size_t, which on my system is a size_t, which is an unsigned 64-bit type, whereas int is a signed 32-bit type. This will truncate the value and only print part of it. To be portable the length should be cast to unsigned long and the format specifier changed accordingly. Finally, example/handler/test_auth.cpp does not initialise the sent_pw variable, but then uses it without checking whether it was set or not. This can result in ap_log_error reading uninitialised memory. jon -- "Most people would sooner die than think; in fact, they do so." - Bertrand Russell |
