[sr-dev] git:master: core: expr string length fixup fix

Andrei Pelinescu-Onciul andrei at iptel.org
Sat Jul 18 10:18:41 CEST 2009 

Module: sip-router
Branch: master
Commit: 009a8756c1accb2406adecf3e1b20f315f51a24d
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=009a8756c1accb2406adecf3e1b20f315f51a24d

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Sat Jul 18 10:05:16 2009 +0200

core: expr string length fixup fix

- moved the string length fixup before the rve/rval optimisations:
  the string length fixup was executed after the rve/rval
  optimisations and would try to re-calculate the length of the
  string (which was already filled in by the optimizer). However
  the rval optimizer did not 0-terminate strings => this second
  re-calculation was wrong.

- the rve/rval optimiser 0 terminates strings (although not
  strictly needed it's better for debugging and would avoid
  problems similar to the above one).

- don't try to fix a string in the left side of an expression,
  there can be no strings there (and by chance
  METHOD_O==STRING_ST).

Reported-by: Juha Heinanen  jh at tutpro com

---

 route.c |   30 +++++++++++++-----------------
 1 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/route.c b/route.c
index effb608..7c01a3b 100644
--- a/route.c
+++ b/route.c
@@ -435,6 +435,7 @@ static int exp_optimize_right(struct expr* exp)
 					if (exp->r.str.s){
 						exp->r.str.len=rval->v.s.len;
 						memcpy(exp->r.str.s, rval->v.s.s, rval->v.s.len);
+						exp->r.str.s[exp->r.str.len]=0;
 						exp->r_type=STRING_ST;
 						rval_destroy(rval);
 						pkg_free(rve);
@@ -503,6 +504,7 @@ int fix_expr(struct expr* exp)
 {
 	regex_t* re;
 	int ret;
+	int len;
 
 	ret=E_BUG;
 	if (exp==0){
@@ -525,8 +527,17 @@ int fix_expr(struct expr* exp)
 								exp->op);
 		}
 	}else if (exp->type==ELEM_T){
-			/* first fix & optimize rve/rvals (they might be optimized
-			   to non-rvals, e.g. string, avp a.s.o) */
+			/* first calculate lengths of strings  (only right side, since 
+			  left side can never be a string) */
+			if (exp->r_type==STRING_ST) {
+				if (exp->r.string) len = strlen(exp->r.string);
+				else len = 0;
+				exp->r.str.s = exp->r.string;
+				exp->r.str.len = len;
+			}
+			/* then fix & optimize rve/rvals (they might be optimized
+			   to non-rvals, e.g. string, avp a.s.o and needs to be done
+			   before MATCH_OP and other fixups) */
 			if (exp->l_type==RVEXP_O){
 				if ((ret=fix_rval_expr(&exp->l.param))<0){
 					ERR("Unable to fix left rval expression\n");
@@ -544,21 +555,6 @@ int fix_expr(struct expr* exp)
 					exp_optimize_right(exp);
 			}
 			
-			/* Calculate lengths of strings */
-			if (exp->l_type==STRING_ST) {
-				int len;
-				if (exp->l.string) len = strlen(exp->l.string);
-				else len = 0;
-				exp->l.str.s = exp->l.string;
-				exp->l.str.len = len;
-			}
-			if (exp->r_type==STRING_ST) {
-				int len;
-				if (exp->r.string) len = strlen(exp->r.string);
-				else len = 0;
-				exp->r.str.s = exp->r.string;
-				exp->r.str.len = len;
-			}
 			
 			if (exp->op==MATCH_OP){
 				     /* right side either has to be string, in which case

More information about the sr-dev mailing list