aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Linus Torvalds <torvalds@linux-foundation.org>2019-10-27 14:24:10 -0400
committerGravatar Dirk Hohndel <dirk@hohndel.org>2019-10-27 12:42:54 -0700
commita9b1fbdcc5aba16cb5b5d3acdbbe2b4e48768e1c (patch)
treefd8a32ac646d356c363b0cdc0390e6e7a48441eb
parentd401271dab8d114c74d7d9ceb1ac39290b1a80d8 (diff)
downloadsubsurface-a9b1fbdcc5aba16cb5b5d3acdbbe2b4e48768e1c.tar.gz
Don't expose 'detach_buffer()' to membuffer users
The native buffer of a membuffer is not NUL-terminated, so when you want to detach it and use it as a C string, you had to first do 'mb_cstring()' that adds the proper termination/ This was all documented in the header files, and all but two users did it correctly. But there were those two users, and the exported interface was unnecessarily hard to use. We do want the "just detach the raw buffer" internally in the membuffer code, but let's not make the exported interface be that hard to use. So this switches the exported interface to be 'detach_cstring()', which does that 'mb_cstring()' for you, and avoids the possibility that you'd use a non-terminated memory buffer as a C string. The old 'detach_buffer()' is now purely the internal membuffer implementation, and not used by others. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--core/errorhelper.c3
-rw-r--r--core/membuffer.c12
-rw-r--r--core/membuffer.h14
-rw-r--r--core/plannernotes.c5
-rw-r--r--core/tag.c3
-rw-r--r--core/unix.c3
-rw-r--r--desktop-widgets/tab-widgets/TabDivePhotos.cpp2
7 files changed, 20 insertions, 22 deletions
diff --git a/core/errorhelper.c b/core/errorhelper.c
index 7c30867a7..36b58e264 100644
--- a/core/errorhelper.c
+++ b/core/errorhelper.c
@@ -22,8 +22,7 @@ int report_error(const char *fmt, ...)
return -1;
VA_BUF(&buf, fmt);
- mb_cstring(&buf);
- error_cb(detach_buffer(&buf));
+ error_cb(detach_cstring(&buf));
return -1;
}
diff --git a/core/membuffer.c b/core/membuffer.c
index 548b70d45..8efb04c9e 100644
--- a/core/membuffer.c
+++ b/core/membuffer.c
@@ -12,7 +12,8 @@
#include "dive.h"
#include "membuffer.h"
-char *detach_buffer(struct membuffer *b)
+/* Only for internal use */
+static char *detach_buffer(struct membuffer *b)
{
char *result = b->buffer;
b->buffer = NULL;
@@ -21,6 +22,12 @@ char *detach_buffer(struct membuffer *b)
return result;
}
+char *detach_cstring(struct membuffer *b)
+{
+ mb_cstring(b);
+ return detach_buffer(b);
+}
+
void free_buffer(struct membuffer *b)
{
free(detach_buffer(b));
@@ -117,8 +124,7 @@ char *vformat_string(const char *fmt, va_list args)
{
struct membuffer mb = { 0 };
put_vformat(&mb, fmt, args);
- mb_cstring(&mb);
- return detach_buffer(&mb);
+ return detach_cstring(&mb);
}
char *format_string(const char *fmt, ...)
diff --git a/core/membuffer.h b/core/membuffer.h
index 03c42a61d..6d497371c 100644
--- a/core/membuffer.h
+++ b/core/membuffer.h
@@ -23,17 +23,13 @@
*
* "something, something else"
*
- * Unless ownership to the buffer is given away say to a caller
+ * Unless ownership to the buffer is given away by using "detach_cstring()":
*
- * mb_cstring(&mb);
- * return detach_buffer(&mb);
- *
- * or via a callback
+ * ptr = detach_cstring();
*
- * mb_cstring(&mb);
- * cb(detach_buffer(&mb));
+ * where the caller now has a C string and is supposed to free it.
*
- * otherwise allocated memory should be freed
+ * Otherwise allocated memory should be freed
*
* free_buffer(&mb);
*/
@@ -60,7 +56,7 @@ struct membuffer {
#define __printf(x, y)
#endif
-extern char *detach_buffer(struct membuffer *b);
+extern char *detach_cstring(struct membuffer *b);
extern void free_buffer(struct membuffer *);
extern void make_room(struct membuffer *b, unsigned int size);
extern void flush_buffer(struct membuffer *, FILE *);
diff --git a/core/plannernotes.c b/core/plannernotes.c
index 2d7b77948..c72ac901a 100644
--- a/core/plannernotes.c
+++ b/core/plannernotes.c
@@ -89,7 +89,7 @@ char *get_planner_disclaimer_formatted()
const char *deco = decoMode() == VPMB ? translate("gettextFromC", "VPM-B")
: translate("gettextFromC", "BUHLMANN");
put_format(&buf, get_planner_disclaimer(), deco);
- return detach_buffer(&buf);
+ return detach_cstring(&buf);
}
void add_plan_to_notes(struct diveplan *diveplan, struct dive *dive, bool show_disclaimer, int error)
@@ -618,9 +618,8 @@ void add_plan_to_notes(struct diveplan *diveplan, struct dive *dive, bool show_d
if (o2warning_exist)
put_string(&buf, "</div>\n");
finished:
- mb_cstring(&buf);
free(dive->notes);
- dive->notes = detach_buffer(&buf);
+ dive->notes = detach_cstring(&buf);
#ifdef DEBUG_PLANNER_NOTES
printf("<!DOCTYPE html>\n<html>\n\t<head><title>plannernotes</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/></head>\n\t<body>\n%s\t</body>\n</html>\n", dive->notes);
#endif
diff --git a/core/tag.c b/core/tag.c
index ba88ab879..66dcfcef8 100644
--- a/core/tag.c
+++ b/core/tag.c
@@ -72,8 +72,7 @@ char *taglist_get_tagstring(struct tag_entry *tag_list)
* - empty tag list
* - tag list with empty tag only
*/
- mb_cstring(&b);
- return detach_buffer(&b);
+ return detach_cstring(&b);
}
static inline void taglist_free_divetag(struct divetag *tag)
diff --git a/core/unix.c b/core/unix.c
index a867d5013..5106278a2 100644
--- a/core/unix.c
+++ b/core/unix.c
@@ -60,8 +60,7 @@ void subsurface_user_info(struct user_info *user)
struct membuffer mb = {};
gethostname(hostname, sizeof(hostname));
put_format(&mb, "%s@%s", username, hostname);
- mb_cstring(&mb);
- user->email = detach_buffer(&mb);
+ user->email = detach_cstring(&mb);
}
}
diff --git a/desktop-widgets/tab-widgets/TabDivePhotos.cpp b/desktop-widgets/tab-widgets/TabDivePhotos.cpp
index 72a14916b..775308e3b 100644
--- a/desktop-widgets/tab-widgets/TabDivePhotos.cpp
+++ b/desktop-widgets/tab-widgets/TabDivePhotos.cpp
@@ -132,7 +132,7 @@ void TabDivePhotos::saveSubtitles()
continue;
struct membuffer b = { 0 };
save_subtitles_buffer(&b, &displayed_dive, offset, duration);
- char *data = detach_buffer(&b);
+ char *data = detach_cstring(&b);
subtitlefile.open(QIODevice::WriteOnly);
subtitlefile.write(data, strlen(data));
subtitlefile.close();