Home » U++ Library support » U++ MT-multithreading and servers » Web/TServ [BUG][FIXED]
Web/TServ [BUG][FIXED] [message #2139] |
Sun, 02 April 2006 12:29 |
hojtsy
Messages: 241 Registered: January 2006 Location: Budapest, Hungary
|
Experienced Member |
|
|
This code in Web/TServ seems to be a failed attempt at being very tricky.
if(*_command == '\"') {
while(*++_command && *_command != '\"' || *++_command == '\"')
exec.Cat(*_command);
}
This could crash on a certain kind of unexpected input. If the string starts with a quote, but does not contain the closing pair, the memory after the \0 is read and compared to the quote char. This could be segfault in itself, but if it accidentally equals quote, the memory is read further. I suppose that the other side of the app does not send such invalid string, but it would still be more elegant to not crash on any kind of input.
[Updated on: Wed, 03 May 2006 20:04] by Moderator Report message to a moderator
|
|
|
|
|
Re: bug in Web/TServ [message #2240 is a reply to message #2238] |
Wed, 05 April 2006 07:57 |
rylek
Messages: 79 Registered: November 2005
|
Member |
|
|
I guess you're right. The bug you have found by itself suggests such code is error-prone. I'm not a big fan of three-line boolean expressions but from time to time they're really hard to resist . As concerns the 'exec' variable, you are right again. But please also note there are literally tens of thousands global functions in both Windows and Linux development environment, in API, in the various plugins and in our own code as well, so the requirement, when taken absolutely, is much easier said than done. I'm currently quite content if I manage to avoid accidentally using macros for variable names, which doesn't work at all (not mentioning half of our methods which are invisibly appended the 'A' prefix in Windows because of hosts of the Unicode-compatibility macros), or having two nested for-loops in the same control variable,
for(int i;;)
for(int i;;)
...
and even this can be sometimes tricky to avoid in a 300-line routine. Returning to the programming tutorials, one should not write 300-line routines, but again I've already met a few occasions (not many, to be honest) where breaking a long function into a multitude of smaller ones seemed to me both to decrease code legibility and to make the code less efficient. Sometimes the practical work calls for a compromise and here's the one I'm offering: next time I'm doing something with TServ, if I stumble over the above discussed code, I'll rewrite the while loop and rename the 'exec' variable.
Regards
Tomas
P.S. A little final point: the aforementioned while loop is indeed tricky, but I see it as a rather elegant way to skip quote-escaped quotes in strings. Honestly I use it rather often, thankfully most of the times without the omitted parentheses. Please just try yourself to rewrite it without the complex condition and I bet you'll find the resulting code rather ugly too .
[Updated on: Wed, 05 April 2006 08:02] Report message to a moderator
|
|
|
Goto Forum:
Current Time: Sat Sep 21 01:24:38 CEST 2024
Total time taken to generate the page: 0.05236 seconds
|