linux@youmustbejoking.demon.co.uk(Darren Salt) 01.06.05 20:28
I demand that Rainer Zocholl may or may not have written...
Again: The most beloved problem: Reentrancy...
This C-Function in tools.c looks suspicious:
cString TimeToString(time_t t) { char buffer[32]; if (ctime_r(&t, buffer)) { buffer[strlen(buffer) - 1] = 0; // strip trailing newline return buffer; } return "???"; }
That's harmless.
On the first view it does not look so ;-)
Those return statements are effectively 'return cString (<string>, false)', and the cString constructor will call strdup() if its second parameter is false (and note that that parameter is declared as having a default value).
Ah, ok, but's not vey effective to copy reach string serveral times IMHO.
Pardon my stupid question: And who is freeing that malloced memory later? for example:
cTDT::cTDT(const u_char *Data) :SI::TDT(Data, false) { CheckParse();
time_t sattim = getTime(); time_t loctim = time(NULL);
if (abs(sattim - loctim) > 2) { mutex.Lock(); isyslog("System Time = %s (%ld)\n", *TimeToString(loctim),loctim); isyslog("Local Time = %s (%ld)\n", *TimeToString(sattim),sattim); if (stime(&sattim) < 0) esyslog("ERROR while setting system time: %m"); mutex.Unlock(); } }
The pointer is not stored anywhere. (At least not obviously)
cString strescape(const char *s, const char *chars) { char *buffer; const char *p = s; char *t = NULL; while (*p) { if (strchr(chars, *p)) { if (!t) { buffer = MALLOC(char, 2 * strlen(s) + 1); t = buffer + (p - s); s = strcpy(buffer, s); } *t++ = '\'; } if (t) *t++ = *p; p++; } if (t) *t = 0; return cString(s, t != NULL); }
What happens if the malloc fails? VDR will coredump because of the "*t++" by intention?
Pardon again the stupid question: where/how is that memory freed? recording.c:
void cRecordingUserCommand::InvokeCommand(const char *State, const char *RecordingFileName) { if (command) { char *cmd; asprintf(&cmd, "%s %s "%s"", command, State, *strescape(RecordingFileName, ""$")); isyslog("executing '%s'", cmd); SystemExec(cmd); free(cmd); } }
Does asprintf know it can release the memory? How?
Rainer