Re: protecting malloc(), etc


From: Godmar Back (gback@cs.utah.edu)
Date: Sun Feb 07 1999 - 18:14:07 EST


>
> Godmar Back writes:
> > So, sprintf is not safe.
> > I think we should just steal a stand-alone snprintf implementation from
> > somewhere: for instance, from the OSKit (or even from Linux's ld.so).
>
> This is I believe exactly what Apache does.
>

Well, put it on the TODO list: include a snprintf impl that's self-contained
and does not call malloc. Another item that's on the TODO list:
write a function that throws an exception with a msg constructed in a
printf like fashion, like so
        SignalError("java.io.IOException", "%s:%s", filename, SYS_ERROR(rc));
The second function would use the first.

Apropos SYS_ERROR(rc). You've noticed the recent set of changes.
The calling contracts of the jsyscall functions changed. You need to put
down your POSIX hat and put up your Mach hat when reading those calls.
That is, output values by reference and a zero return code signals success,
non-zero return codes are error codes.

Some of the signatures of the jsyscall functions changed. The ones that
changed should be fine. The ones that didn't change, like "stat",
are more difficult and I may have missed some call sites. Basically, code
like
        rc = KSTAT(fd, &st);
        if (rc < 0) {           /* POSIX-style check: never true now */
                SignalError(..)
        }

is now broken, it should be

        rc = KSTAT(fd, &st);
        if (rc) {               /* non-zero rc is the errno value */
                SignalError(..)
        }

since rc is no longer -1 on failure, but contains errno.
Just something to look out for.

Also, as I said, I put gethostbyname/addr in intsDisable/intsRestore
brackets, blocking the whole process for name lookups. I'd really like to
have/steal a "DNS client" process with which you communicate via pipes
to avoid this (like NetScape has/does).

        - Godmar

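The two points in the message above, the Mach-style return contract of the jsyscall wrappers and a printf-like error function that does not call malloc, as an added example. This is illustrative code written for this archive page, not Kaffe's own source: jstat, sys_error and signal_errorf are hypothetical stand-ins for KSTAT, SYS_ERROR and the proposed formatted SignalError, and the two check functions show why the old "rc < 0" test silently misses every failure once rc carries errno instead of -1.

```c
/* Added example, not Kaffe code: jsyscall-style contract and a
 * malloc-free formatted error builder. */
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical jsyscall-style wrapper (stand-in for KSTAT): output by
 * reference, 0 on success, otherwise the errno value. Never returns -1. */
static int jstat(int fd, struct stat *out)
{
    if (fstat(fd, out) < 0)
        return errno;       /* positive error code, e.g. EBADF */
    return 0;
}

/* Hypothetical SYS_ERROR: error code to message. */
static const char *sys_error(int rc)
{
    return strerror(rc);
}

/* Hypothetical printf-like SignalError: builds the message into a fixed
 * buffer with snprintf/vsnprintf, so no malloc is needed while throwing.
 * Returns the formatted "class: message" text for inspection. */
static char last_error[256];
static const char *signal_errorf(const char *cls, const char *fmt, ...)
{
    va_list ap;
    int n = snprintf(last_error, sizeof last_error, "%s: ", cls);
    va_start(ap, fmt);
    if (n >= 0 && (size_t)n < sizeof last_error)
        vsnprintf(last_error + n, sizeof last_error - (size_t)n, fmt, ap);
    va_end(ap);
    return last_error;      /* static buffer: one message at a time */
}

/* Old POSIX-style call site: returns 1 if a failure was noticed.
 * Under the new contract rc is 0 or a positive errno, so this is always 0. */
static int old_style_detects_failure(int fd)
{
    struct stat st;
    int rc = jstat(fd, &st);
    return rc < 0;
}

/* Corrected call site: any non-zero rc is an error code. */
static int new_style_detects_failure(int fd)
{
    struct stat st;
    int rc = jstat(fd, &st);
    if (rc) {
        signal_errorf("java.io.IOException", "fd %d: %s", fd, sys_error(rc));
        return 1;
    }
    return 0;
}

/* Helper: the raw error code jstat reports for a descriptor. */
static int jstat_errcode(int fd)
{
    struct stat st;
    return jstat(fd, &st);
}

/* Helper: the contract on a descriptor that is actually valid. */
static int jstat_on_tmpfile(void)
{
    FILE *f = tmpfile();
    int rc;
    if (f == NULL)
        return -1;          /* could not create a scratch file */
    rc = jstat_errcode(fileno(f));
    fclose(f);
    return rc;
}

int main(void)
{
    printf("bad fd: old=%d new=%d err=%d\n",
           old_style_detects_failure(-1), new_style_detects_failure(-1),
           jstat_errcode(-1));
    printf("last error: %s\n", last_error);
    return 0;
}
```

The static buffer in signal_errorf keeps the builder allocation-free, which is the property the message asks for, at the cost of one message at a time; a real implementation would format into a caller-supplied or per-thread buffer before constructing the exception object.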


This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 19:58:00 EDT