Hi Ken,

On Sun, Apr 01, 2007 at 03:15:43PM -0400, Benj. Mako Hill wrote:
>
> Package: mairix
> Version: 0.20-1
> Severity: important
> Tags: patch
>
> Hello,
>
> make_nvp() crashes if the input string is not valid, because
> nvp_next_state may return -1. Changing

-1 indicates that the state machine has gone over the edge because of a syntax error in the input.

>   current_state = nvp_next_state(current_state, tok);
>
> to
>
>   if (0 > (current_state = nvp_next_state(current_state, tok)))
>     current_state = nvp_in;
>
> in nvp.c fixes this problem.

I'm not convinced this is the right fix. Doesn't this just say "OK, the line so far is garbage, so we'll start parsing again at this point and see whether we find some good stuff." ?

Looking over the code (I've long since forgotten what I wrote last year!), I think all the clients of nvp.c are designed to treat a NULL result from make_nvp as meaning the line could not be parsed or was non-existent. So I think a better fix would be to return NULL if nvp_next_state returns -1.

Do you have the time to try that, if you still have the test case that failed before?

Thanks
Richard
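
The two error-handling options discussed in this thread, contrasted in an added example that is not part of the original message and is not mairix code: a hypothetical, simplified table-driven `name=value` parser whose transition table returns -1 on a syntax error. All names, states and the input grammar are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-in for a table-driven name=value parser;
 * none of these names or states are taken from mairix's nvp.c. */
enum state  { ST_START, ST_NAME, ST_EQ, ST_VALUE, N_STATES };
enum token  { TK_CHAR, TK_EQ, TK_SEMI, N_TOKENS };
enum policy { ON_ERROR_RESET, ON_ERROR_REJECT };

struct toy_nvp { int n_pairs; };

/* -1 means "no transition": a syntax error in the input. */
static const int next_state[N_STATES][N_TOKENS] = {
    /*             CHAR      '='     ';'      */
    /* START */ { ST_NAME,  -1,     ST_START },
    /* NAME  */ { ST_NAME,  ST_EQ,  -1       },
    /* EQ    */ { ST_VALUE, -1,     -1       },
    /* VALUE */ { ST_VALUE, -1,     ST_START },
};

static enum token classify(char c)
{
    return c == '=' ? TK_EQ : c == ';' ? TK_SEMI : TK_CHAR;
}

/* Returns a heap-allocated result, or NULL if the line cannot be parsed. */
struct toy_nvp *toy_make_nvp(const char *s, enum policy p)
{
    int st = ST_START, pairs = 0;
    for (; *s; s++) {
        if (*s == ' ') continue;
        int nx = next_state[st][classify(*s)];
        if (nx < 0) {                       /* never use -1 as a state */
            if (p == ON_ERROR_REJECT) return NULL;
            st = ST_START;                  /* restart inside the garbage */
            continue;
        }
        if (st == ST_VALUE && nx == ST_START) pairs++;  /* pair completed */
        st = nx;
    }
    if (st == ST_VALUE) pairs++;
    else if (st != ST_START && p == ON_ERROR_REJECT) return NULL;
    struct toy_nvp *r = malloc(sizeof *r);
    if (r) r->n_pairs = pairs;
    return r;
}
```

On the constructed input `a=b=c; d=e`, the reset policy silently returns one pair salvaged from a malformed line, while the reject policy returns NULL so the caller can treat the whole line as unparseable.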