From 14dc4a7781a74a156a418690467554bae4a79b97 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Sat, 30 May 2015 00:02:51 +0200 Subject: Abort on strbuf errors Users of the strbuf API are supposed to check for an OOM condition after appending to strbufs, but: * This is never done in the whole code base. * The implementation was flawed because only `ptr` was set to the OOM value without adjusting `size` and `asize`. After an error, subsequent calls could very well lead to segfaults, contrary to the documentation. Change the code to always abort on errors with a message printed to stderr. The only alternative is to propagate errors throughout the whole library which seems infeasible. --- src/buffer.h | 56 +++++++++----------------------------------------------- 1 file changed, 9 insertions(+), 47 deletions(-) (limited to 'src/buffer.h') diff --git a/src/buffer.h b/src/buffer.h index fb9f910..417df26 100644 --- a/src/buffer.h +++ b/src/buffer.h @@ -16,8 +16,6 @@ typedef struct { extern unsigned char cmark_strbuf__initbuf[]; -extern unsigned char cmark_strbuf__oom[]; - #define GH_BUF_INIT { cmark_strbuf__initbuf, 0, 0 } /** @@ -28,42 +26,14 @@ extern unsigned char cmark_strbuf__oom[]; */ void cmark_strbuf_init(cmark_strbuf *buf, int initial_size); -/** - * Attempt to grow the buffer to hold at least `target_size` bytes. - * - * If the allocation fails, this will return an error. If mark_oom is true, - * this will mark the buffer as invalid for future operations; if false, - * existing buffer content will be preserved, but calling code must handle - * that buffer was not expanded. - */ -int cmark_strbuf_try_grow(cmark_strbuf *buf, int target_size, bool mark_oom); - /** * Grow the buffer to hold at least `target_size` bytes. - * - * If the allocation fails, this will return an error and the buffer will be - * marked as invalid for future operations, invaliding contents. - * - * @return 0 on success or -1 on failure */ -int cmark_strbuf_grow(cmark_strbuf *buf, int target_size); +void cmark_strbuf_grow(cmark_strbuf *buf, int target_size); void cmark_strbuf_free(cmark_strbuf *buf); void cmark_strbuf_swap(cmark_strbuf *buf_a, cmark_strbuf *buf_b); -/** - * Test if there have been any reallocation failures with this cmark_strbuf. - * - * Any function that writes to a cmark_strbuf can fail due to memory allocation - * issues. If one fails, the cmark_strbuf will be marked with an OOM error and - * further calls to modify the buffer will fail. Check cmark_strbuf_oom() at the - * end of your sequence and it will be true if you ran out of memory at any - * point with that buffer. - * - * @return false if no error, true if allocation error - */ -bool cmark_strbuf_oom(const cmark_strbuf *buf); - size_t cmark_strbuf_len(const cmark_strbuf *buf); int cmark_strbuf_cmp(const cmark_strbuf *a, const cmark_strbuf *b); @@ -79,22 +49,14 @@ static inline const char *cmark_strbuf_cstr(const cmark_strbuf *buf) #define cmark_strbuf_at(buf, n) ((buf)->ptr[n]) -/* - * Functions below that return int value error codes will return 0 on - * success or -1 on failure (which generally means an allocation failed). - * Using a cmark_strbuf where the allocation has failed with result in -1 from - * all further calls using that buffer. As a result, you can ignore the - * return code of these functions and call them in a series then just call - * cmark_strbuf_oom at the end. - */ -int cmark_strbuf_set(cmark_strbuf *buf, const unsigned char *data, int len); -int cmark_strbuf_sets(cmark_strbuf *buf, const char *string); -int cmark_strbuf_putc(cmark_strbuf *buf, int c); -int cmark_strbuf_put(cmark_strbuf *buf, const unsigned char *data, int len); -int cmark_strbuf_puts(cmark_strbuf *buf, const char *string); -int cmark_strbuf_printf(cmark_strbuf *buf, const char *format, ...) -CMARK_ATTRIBUTE((format (printf, 2, 3))); -int cmark_strbuf_vprintf(cmark_strbuf *buf, const char *format, va_list ap); +void cmark_strbuf_set(cmark_strbuf *buf, const unsigned char *data, int len); +void cmark_strbuf_sets(cmark_strbuf *buf, const char *string); +void cmark_strbuf_putc(cmark_strbuf *buf, int c); +void cmark_strbuf_put(cmark_strbuf *buf, const unsigned char *data, int len); +void cmark_strbuf_puts(cmark_strbuf *buf, const char *string); +void cmark_strbuf_printf(cmark_strbuf *buf, const char *format, ...) + CMARK_ATTRIBUTE((format (printf, 2, 3))); +void cmark_strbuf_vprintf(cmark_strbuf *buf, const char *format, va_list ap); void cmark_strbuf_clear(cmark_strbuf *buf); int cmark_strbuf_strchr(const cmark_strbuf *buf, int c, int pos); -- cgit v1.2.3