linux@xxxxxxxxxxxxxxxxxxxxxxxxxxx(Darren Salt) 01.06.05 20:28 >I demand that Rainer Zocholl may or may not have written... >> Again: >> The most beloved problem: Reentrancy... >> This C-Function in tools.c looks suspicious: >> cString TimeToString(time_t t) >> { >> char buffer[32]; >> if (ctime_r(&t, buffer)) { >> buffer[strlen(buffer) - 1] = 0; // strip trailing newline >> return buffer; >> } >> return "???"; >> } >That's harmless. On the first view it does not look so ;-) >Those return statements are effectively 'return cString (<string>, >false)', and the cString constructor will call strdup() if its second >parameter is false (and note that that parameter is declared as having >a default value). Ah, ok, but's not vey effective to copy reach string serveral times IMHO. Pardon my stupid question: And who is freeing that malloced memory later? for example: cTDT::cTDT(const u_char *Data) :SI::TDT(Data, false) { CheckParse(); time_t sattim = getTime(); time_t loctim = time(NULL); if (abs(sattim - loctim) > 2) { mutex.Lock(); isyslog("System Time = %s (%ld)\n", *TimeToString(loctim),loctim); isyslog("Local Time = %s (%ld)\n", *TimeToString(sattim),sattim); if (stime(&sattim) < 0) esyslog("ERROR while setting system time: %m"); mutex.Unlock(); } } The pointer is not stored anywhere. (At least not obviously) cString strescape(const char *s, const char *chars) { char *buffer; const char *p = s; char *t = NULL; while (*p) { if (strchr(chars, *p)) { if (!t) { buffer = MALLOC(char, 2 * strlen(s) + 1); t = buffer + (p - s); s = strcpy(buffer, s); } *t++ = '\\'; } if (t) *t++ = *p; p++; } if (t) *t = 0; return cString(s, t != NULL); } What happens if the malloc fails? VDR will coredump because of the "*t++" by intention? Pardon again the stupid question: where/how is that memory freed? recording.c: void cRecordingUserCommand::InvokeCommand(const char *State, const char *RecordingFileName) { if (command) { char *cmd; asprintf(&cmd, "%s %s \"%s\"", command, State, *strescape(RecordingFileName, "\"$")); isyslog("executing '%s'", cmd); SystemExec(cmd); free(cmd); } } Does asprintf know it can release the memory? How? Rainer