[dovecot-cvs] dovecot/src/lib-storage mail-sort.c,1.3,1.4 mail-storage.c,1.4,1.5

cras at procontrol.fi cras at procontrol.fi
Sun Dec 8 07:23:10 EET 2002


Update of /home/cvs/dovecot/src/lib-storage
In directory danu:/tmp/cvs-serv19285/lib-storage

Modified Files:
	mail-sort.c mail-storage.c 
Log Message:
Added buffer API. Point is to hide all buffer writing behind this API which
verifies that nothing overflows. Much better than doing the same checks all
around the code, even if it is slightly slower.

Buffer reading is still mostly done directly; that isn't such a big security
risk and I can't think of a reasonable API for it anyway.



Index: mail-sort.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-storage/mail-sort.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- mail-sort.c	6 Dec 2002 01:09:23 -0000	1.3
+++ mail-sort.c	8 Dec 2002 05:23:08 -0000	1.4
@@ -1,6 +1,7 @@
 /* Copyright (C) 2002 Timo Sirainen */
 
 #include "lib.h"
+#include "buffer.h"
 #include "ostream.h"
 #include "mail-sort.h"
 
@@ -13,8 +14,7 @@
 	MailSortFuncs funcs;
 	void *func_context;
 
-	size_t sort_buffer_size, sort_buffer_alloc;
-	unsigned int *sort_buffer;
+	Buffer *sort_buffer;
 
 	time_t last_arrival, last_date;
 	uoff_t last_size;
@@ -24,10 +24,9 @@
 static void mail_sort_flush(MailSortContext *ctx);
 
 static MailSortType
-mail_sort_normalize(const MailSortType *input,
-		    MailSortType output[MAX_SORT_PROGRAM_SIZE])
+mail_sort_normalize(const MailSortType *input, Buffer *output)
 {
-        MailSortType mask = 0;
+        MailSortType type, mask = 0;
 	int pos, reverse;
 
 	reverse = FALSE;
@@ -37,20 +36,21 @@
 		else {
 			if ((mask & *input) == 0) {
 				if (reverse) {
-					i_assert(pos < MAX_SORT_PROGRAM_SIZE);
-					output[pos++] = MAIL_SORT_REVERSE;
+					type = MAIL_SORT_REVERSE;
+					buffer_append(output,
+						      &type, sizeof(type));
 				}
 
-				i_assert(pos < MAX_SORT_PROGRAM_SIZE);
-				output[pos++] = *input;
+				buffer_append(output, input, sizeof(*input));
 				mask |= *input;
 			}
+
 			reverse = FALSE;
 		}
 	}
 
-	i_assert(pos < MAX_SORT_PROGRAM_SIZE);
-	output[pos] = MAIL_SORT_END;
+	type = MAIL_SORT_END;
+	buffer_append(output, &type, sizeof(type));
 
 	return mask;
 }
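Review bot: The three `buffer_append()` calls in mail_sort_normalize() ignore their result, so the overflow that the removed `i_assert(pos < MAX_SORT_PROGRAM_SIZE)` lines turned into a hard stop is now silent. buffer.h is not shown on this page, but if an append to a full fixed-size buffer is refused or truncated, the final `MAIL_SORT_END` may never be stored; mail_sort_init() hands in the uninitialised stack arrays `norm_input` and `norm_output`, which are presumably read directly up to that terminator afterwards. Keep the fail-stop at least for the terminator: take `used = buffer_get_used_size(output);` before the last append and add `i_assert(buffer_get_used_size(output) == used + sizeof(type));` after it. `pos` also looks unused in the visible lines now, although the function's loop header lies outside this hunk.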
@@ -76,12 +76,20 @@
 	MailSortContext *ctx;
 	MailSortType norm_input[MAX_SORT_PROGRAM_SIZE];
 	MailSortType norm_output[MAX_SORT_PROGRAM_SIZE];
+	Buffer *buf;
 	int i;
 
 	ctx = i_new(MailSortContext, 1);
 
-	mail_sort_normalize(input, norm_input);
-	mail_sort_normalize(output, norm_output);
+	t_push();
+	buf = buffer_create_data(data_stack_pool,
+				 norm_input, sizeof(norm_input));
+	mail_sort_normalize(input, buf);
+
+	buf = buffer_create_data(data_stack_pool,
+				 norm_output, sizeof(norm_output));
+	mail_sort_normalize(output, buf);
+	t_pop();
 
 	/* remove the common part from output, we already know input is sorted
 	   that much so we don't have to worry about it. */
@@ -92,8 +100,9 @@
 		ctx->output[i] = output[i];
 	ctx->output[i] = MAIL_SORT_END;
 
-	ctx->sort_buffer_alloc = 128;
-	ctx->sort_buffer = i_new(unsigned int, ctx->sort_buffer_alloc);
+	ctx->sort_buffer = buffer_create_dynamic(system_pool,
+						 128 * sizeof(unsigned int),
+						 (size_t)-1);
 
 	ctx->funcs = funcs;
 	ctx->func_context = context;
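Review bot: The two size arguments of the `buffer_create_dynamic()` call are unexplained literals: `128 * sizeof(unsigned int)` carries over the old initial allocation, and `(size_t)-1` is presumably the maximum size, meaning no limit. A one-line comment such as `/* room for 128 ids initially, no upper size limit */` would make it clear that the queue is bounded only by available memory. The body of mail_sort_init() starts and ends outside this hunk.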
@@ -103,13 +112,13 @@
 void mail_sort_deinit(MailSortContext *ctx)
 {
 	mail_sort_flush(ctx);
+	buffer_free(ctx->sort_buffer);
 
 	i_free(ctx->last_cc);
 	i_free(ctx->last_from);
 	i_free(ctx->last_subject);
 	i_free(ctx->last_to);
 
-	i_free(ctx->sort_buffer);
 	i_free(ctx);
 }
 
@@ -216,14 +225,7 @@
 	if (ctx->common_mask != 0)
 		mail_sort_check_flush(ctx, id);
 
-	if (ctx->sort_buffer_size == ctx->sort_buffer_alloc) {
-		ctx->sort_buffer_alloc *= 2;
-		ctx->sort_buffer = i_realloc(ctx->sort_buffer,
-					     ctx->sort_buffer_alloc *
-					     sizeof(unsigned int));
-	}
-
-	ctx->sort_buffer[ctx->sort_buffer_size++] = id;
+	buffer_append(ctx->sort_buffer, &id, sizeof(id));
 }
 
 static MailSortContext *mail_sort_qsort_context;
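Review bot: The append stores `sizeof(id)` bytes, while mail_sort_flush() in the last hunk of this file divides the used size by `sizeof(unsigned int)` and reads the data as `unsigned int *`. The declaration of `id` is outside this hunk; if its type is not exactly `unsigned int`, both the element count and the sorted values are wrong. The assumption should be written down where the buffer is declared, for example `/* elements must be unsigned int: mail_sort_flush() reads the buffer as unsigned int[] */` on the `Buffer *sort_buffer;` field.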
@@ -298,12 +300,15 @@
 
 static void mail_sort_flush(MailSortContext *ctx)
 {
+	unsigned int *arr;
+	size_t count;
+
 	mail_sort_qsort_context = ctx;
 
-	qsort(ctx->sort_buffer, ctx->sort_buffer_size, sizeof(unsigned int),
-	      mail_sort_qsort_func);
+	arr = buffer_get_modifyable_data(ctx->sort_buffer, NULL);
+	count = buffer_get_used_size(ctx->sort_buffer) / sizeof(unsigned int);
+	qsort(arr, count, sizeof(unsigned int), mail_sort_qsort_func);
 
-	ctx->funcs.output(ctx->sort_buffer, ctx->sort_buffer_size,
-			  ctx->func_context);
-	ctx->sort_buffer_size = 0;
+	ctx->funcs.output(arr, count, ctx->func_context);
+	buffer_set_used_size(ctx->sort_buffer, 0);
 }
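Review bot: `arr` from `buffer_get_modifyable_data()` goes to `qsort()` and `funcs.output()` with no handling of an empty buffer, and mail_sort_deinit() calls this function unconditionally. buffer.h is not on this page, so whether that getter can return NULL before anything has been appended is unknown. If it can, `qsort(NULL, 0, ...)` is outside what the C standard permits, and the callback receives a NULL array where the old code always passed the allocated one. Guarding the sort with `if (count > 0)` and documenting that `output` may be called with `count == 0` would cover it.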

Index: mail-storage.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-storage/mail-storage.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- mail-storage.c	24 Aug 2002 02:04:45 -0000	1.4
+++ mail-storage.c	8 Dec 2002 05:23:08 -0000	1.5
@@ -147,12 +147,11 @@
 void mail_storage_set_internal_error(MailStorage *storage)
 {
 	struct tm *tm;
-	char *str;
+	char str[256];
 
 	tm = localtime(&ioloop_time);
-	str = t_buffer_get(256);
 
-	storage->error = strftime(str, 256, CRITICAL_MSG, tm) > 0 ?
+	storage->error = strftime(str, sizeof(str), CRITICAL_MSG, tm) > 0 ?
 		i_strdup(str) : i_strdup("Internal error");
 }
 
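Review bot: `tm` is passed to `strftime()` without a NULL check, and `localtime()` may return NULL on failure; switching to the fixed `str[256]` does not change that. The fallback string is already there, so the condition can cover this case: `storage->error = tm != NULL && strftime(str, sizeof(str), CRITICAL_MSG, tm) > 0 ?`. The function also overwrites `storage->error` without freeing an earlier value; whether callers clear it first is not visible here.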



