On 05/24/2013 06:57 AM, Michal Privoznik wrote:
> On 24.05.2013 11:53, Michal Privoznik wrote:
>> With previous patch, we accept negative value as length of string to
>> duplicate. So there is no need to pass strlen(src) in case we want to
>> duplicate the whole string.
>> ---
>> - if (VIR_STRNDUP(arg, curr, next ? next - curr : strlen(curr)) < 0)
>> + if (VIR_STRNDUP(arg, curr, next ? next - curr : -1) < 0)
>
> Or we can even go with 'VIR_STRNDUP(arg, curr, next - curr) < 0' but
> that's not so easy to read. The rationale behind is: I intentionally
> made VIR_STRNDUP to accept *any* negative value, not just -1. Because if
> strrchr(cur, '\n') just a few lines above fails, next is just NULL.
> Deducting from NULL will get a negative value. Which will make
> VIR_STRNDUP duplicate the whole string. But I worry that it would be an
> ugly code, wouldn't it?

It would be undefined behavior according to the C standard. Pointer
subtraction is only well-defined within the bounds of a single object;
your object (in C terminology) starts at 'curr' and ends at the NUL byte
that terminates 'curr'. NULL falls outside those bounds. 'next - curr'
is not guaranteed to be negative, since C says the behavior is
undefined. Stick with the long form.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
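Review bot: the bare -1 in the else-branch of the '+' line is a magic sentinel that only reads correctly if you already know the previous patch made VIR_STRNDUP accept a negative length. A short comment at the call site, or in the macro's documentation, stating that a negative length copies up to the terminating NUL would make this self-explanatory. Keep the explicit 'next ?' test exactly as posted: it is what keeps 'next - curr' from being evaluated when next is NULL.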
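The long form recommended above, as an added C example that is not part of the original thread or of libvirt. `dup_n` and `first_line` are hypothetical helpers; `dup_n` stands in for a duplicate function that treats any negative length as "copy the whole string", and the use of `strchr` is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a strndup that treats any negative length
 * as "copy the whole string"; this is not libvirt's VIR_STRNDUP. */
static char *dup_n(const char *src, ptrdiff_t n)
{
    size_t len = strlen(src);

    if (n >= 0 && (size_t)n < len)
        len = (size_t)n;

    char *out = malloc(len + 1);
    if (!out)
        return NULL;
    memcpy(out, src, len);
    out[len] = '\0';
    return out;
}

/* Copy the first line of 'curr' without its newline. The NULL check runs
 * before any pointer arithmetic, so 'next - curr' is evaluated only when
 * both pointers refer to the same string. Writing 'next - curr' with
 * next == NULL would be undefined behavior, not a reliable negative. */
static char *first_line(const char *curr)
{
    const char *next = strchr(curr, '\n');

    return dup_n(curr, next ? next - curr : -1);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "alpha\nbeta", "no newline", "\nleading" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *s = first_line(samples[i]);
        if (!s)
            return 1;
        printf("[%s]\n", s);
        free(s);
    }
    return 0;
}
```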