diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-10-27 14:24:10 -0400 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2019-10-27 12:42:54 -0700 |
commit | a9b1fbdcc5aba16cb5b5d3acdbbe2b4e48768e1c (patch) | |
tree | fd8a32ac646d356c363b0cdc0390e6e7a48441eb /core | |
parent | d401271dab8d114c74d7d9ceb1ac39290b1a80d8 (diff) | |
download | subsurface-a9b1fbdcc5aba16cb5b5d3acdbbe2b4e48768e1c.tar.gz |
Don't expose 'detach_buffer()' to membuffer users
The native buffer of a membuffer is not NUL-terminated, so when you want
to detach it and use it as a C string, you had to first do
'mb_cstring()' that adds the proper termination/
This was all documented in the header files, and all but two users did
it correctly.
But there were those two users, and the exported interface was
unnecessarily hard to use. We do want the "just detach the raw buffer"
internally in the membuffer code, but let's not make the exported
interface be that hard to use.
So this switches the exported interface to be 'detach_cstring()', which
does that 'mb_cstring()' for you, and avoids the possibility that you'd
use a non-terminated memory buffer as a C string.
The old 'detach_buffer()' is now purely the internal membuffer
implementation, and not used by others.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/errorhelper.c | 3 | ||||
-rw-r--r-- | core/membuffer.c | 12 | ||||
-rw-r--r-- | core/membuffer.h | 14 | ||||
-rw-r--r-- | core/plannernotes.c | 5 | ||||
-rw-r--r-- | core/tag.c | 3 | ||||
-rw-r--r-- | core/unix.c | 3 |
6 files changed, 19 insertions, 21 deletions
diff --git a/core/errorhelper.c b/core/errorhelper.c index 7c30867a7..36b58e264 100644 --- a/core/errorhelper.c +++ b/core/errorhelper.c @@ -22,8 +22,7 @@ int report_error(const char *fmt, ...) return -1; VA_BUF(&buf, fmt); - mb_cstring(&buf); - error_cb(detach_buffer(&buf)); + error_cb(detach_cstring(&buf)); return -1; } diff --git a/core/membuffer.c b/core/membuffer.c index 548b70d45..8efb04c9e 100644 --- a/core/membuffer.c +++ b/core/membuffer.c @@ -12,7 +12,8 @@ #include "dive.h" #include "membuffer.h" -char *detach_buffer(struct membuffer *b) +/* Only for internal use */ +static char *detach_buffer(struct membuffer *b) { char *result = b->buffer; b->buffer = NULL; @@ -21,6 +22,12 @@ char *detach_buffer(struct membuffer *b) return result; } +char *detach_cstring(struct membuffer *b) +{ + mb_cstring(b); + return detach_buffer(b); +} + void free_buffer(struct membuffer *b) { free(detach_buffer(b)); @@ -117,8 +124,7 @@ char *vformat_string(const char *fmt, va_list args) { struct membuffer mb = { 0 }; put_vformat(&mb, fmt, args); - mb_cstring(&mb); - return detach_buffer(&mb); + return detach_cstring(&mb); } char *format_string(const char *fmt, ...) diff --git a/core/membuffer.h b/core/membuffer.h index 03c42a61d..6d497371c 100644 --- a/core/membuffer.h +++ b/core/membuffer.h @@ -23,17 +23,13 @@ * * "something, something else" * - * Unless ownership to the buffer is given away say to a caller + * Unless ownership to the buffer is given away by using "detach_cstring()": * - * mb_cstring(&mb); - * return detach_buffer(&mb); - * - * or via a callback + * ptr = detach_cstring(); * - * mb_cstring(&mb); - * cb(detach_buffer(&mb)); + * where the caller now has a C string and is supposed to free it. * - * otherwise allocated memory should be freed + * Otherwise allocated memory should be freed * * free_buffer(&mb); */ @@ -60,7 +56,7 @@ struct membuffer { #define __printf(x, y) #endif -extern char *detach_buffer(struct membuffer *b); +extern char *detach_cstring(struct membuffer *b); extern void free_buffer(struct membuffer *); extern void make_room(struct membuffer *b, unsigned int size); extern void flush_buffer(struct membuffer *, FILE *); diff --git a/core/plannernotes.c b/core/plannernotes.c index 2d7b77948..c72ac901a 100644 --- a/core/plannernotes.c +++ b/core/plannernotes.c @@ -89,7 +89,7 @@ char *get_planner_disclaimer_formatted() const char *deco = decoMode() == VPMB ? translate("gettextFromC", "VPM-B") : translate("gettextFromC", "BUHLMANN"); put_format(&buf, get_planner_disclaimer(), deco); - return detach_buffer(&buf); + return detach_cstring(&buf); } void add_plan_to_notes(struct diveplan *diveplan, struct dive *dive, bool show_disclaimer, int error) @@ -618,9 +618,8 @@ void add_plan_to_notes(struct diveplan *diveplan, struct dive *dive, bool show_d if (o2warning_exist) put_string(&buf, "</div>\n"); finished: - mb_cstring(&buf); free(dive->notes); - dive->notes = detach_buffer(&buf); + dive->notes = detach_cstring(&buf); #ifdef DEBUG_PLANNER_NOTES printf("<!DOCTYPE html>\n<html>\n\t<head><title>plannernotes</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/></head>\n\t<body>\n%s\t</body>\n</html>\n", dive->notes); #endif diff --git a/core/tag.c b/core/tag.c index ba88ab879..66dcfcef8 100644 --- a/core/tag.c +++ b/core/tag.c @@ -72,8 +72,7 @@ char *taglist_get_tagstring(struct tag_entry *tag_list) * - empty tag list * - tag list with empty tag only */ - mb_cstring(&b); - return detach_buffer(&b); + return detach_cstring(&b); } static inline void taglist_free_divetag(struct divetag *tag) diff --git a/core/unix.c b/core/unix.c index a867d5013..5106278a2 100644 --- a/core/unix.c +++ b/core/unix.c @@ -60,8 +60,7 @@ void subsurface_user_info(struct user_info *user) struct membuffer mb = {}; gethostname(hostname, sizeof(hostname)); put_format(&mb, "%s@%s", username, hostname); - mb_cstring(&mb); - user->email = detach_buffer(&mb); + user->email = detach_cstring(&mb); } } |