Re: [HACKERS] Open 6.4 items

Tom Lane <tgl@sss.pgh.pa.us> writes:

> Well, I hate to ruin your day,

You sure didn't!  You made my day!  :-)

> but coming pre-armed with the knowledge
> that the code is writing one byte too many, it's pretty obvious that the
> first loop in inet_net_pton_ipv4 does indeed do that.  Specifically at
>             else if (size-- > 0)
>                 *++dst = 0, dirty = 0;
> where, when size (the number of remaining destination bytes) is reduced
> to 0, the code nonetheless advances dst and clears the next byte.

You're quite right, and I should have caught this one myself, only I
must have goofed when I tested the function.  (It is written in a
style that's just obscure enough that I chose testing it instead of
studying it until I understood in detail what it did.)  As far as I
can tell, the only actual error in Paul Vixie's code is that the two
lines you quote above should be:

            else if (--size > 0)
                *++dst = 0, dirty = 0;

That is, size should be predecremented instead of postdecremented.
I'm cc-ing Paul on this, as I assume he wants to get the fix into
BIND, which is where inet_net_ntop() and inet_net_pton() came from.

> BTW, shouldn't this routine clear out all "size" bytes of the
> destination, even if the given data doesn't fill it all?  A memset
> at the top might be worthwhile.

It does: there is code further down that handles that.  Another
example of the obscure programming style: this function really shows
what a low-level language C is!  :-)

-tih
--
Popularity is the hallmark of mediocrity.  --Niles Crane, "Frasier"