[asterisk-commits] tilghman: trunk r145076 - /trunk/res/res_config_pgsql.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sun Sep 28 16:39:08 CDT 2008 

Author: tilghman
Date: Sun Sep 28 16:39:07 2008
New Revision: 145076

URL: http://svn.digium.com/view/asterisk?view=rev&rev=145076
Log:
Change several improper "sizeof" to "strlen", as sizeof in that context would
incorrectly use the size of a pointer, rather than the length of a string.
(Closes issue #13574)

Modified:
    trunk/res/res_config_pgsql.c

Modified: trunk/res/res_config_pgsql.c
URL: http://svn.digium.com/view/asterisk/trunk/res/res_config_pgsql.c?view=diff&rev=145076&r1=145075&r2=145076
==============================================================================
--- trunk/res/res_config_pgsql.c (original)
+++ trunk/res/res_config_pgsql.c Sun Sep 28 16:39:07 2008
@@ -642,14 +642,22 @@
 	return -1;
 }
 
+#define ESCAPE_STRING(buffer, stringname) \
+	do { \
+		int len; \
+		if ((len = strlen(stringname)) > (buffer->len - 1) / 2) { \
+			ast_str_make_space(&buffer, len * 2 + 1); \
+		} \
+		PQescapeStringConn(pgsqlConn, buffer->str, stringname, len, &pgresult); \
+	} while (0)
+
 static int store_pgsql(const char *database, const char *table, va_list ap)
 {
 	PGresult *result = NULL;
 	Oid insertid;
-	char sql[256];
-	char params[256];
-	char vals[256];
-	char buf[256];
+	struct ast_str *buf = ast_str_create(256);
+	struct ast_str *sql1 = ast_str_create(256);
+	struct ast_str *sql2 = ast_str_create(256);
 	int pgresult;
 	const char *newparam, *newval;
 
@@ -667,7 +675,7 @@
 		if (pgsqlConn) {
 			PQfinish(pgsqlConn);
 			pgsqlConn = NULL;
-		};
+		}
 		return -1;
 	}
 
@@ -680,28 +688,31 @@
 
 	/* Create the first part of the query using the first parameter/value pairs we just extracted
 	   If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
-	PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
-	snprintf(params, sizeof(params), "%s", buf);
-	PQescapeStringConn(pgsqlConn, buf, newval, sizeof(newval), &pgresult);
-	snprintf(vals, sizeof(vals), "'%s'", buf);
+	ESCAPE_STRING(buf, newparam);
+	ast_str_set(&sql1, 0, "INSERT INTO %s (%s", table, buf->str);
+	ESCAPE_STRING(buf, newval);
+	ast_str_set(&sql2, 0, ") VALUES ('%s'", buf->str);
 	while ((newparam = va_arg(ap, const char *))) {
 		newval = va_arg(ap, const char *);
-		PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
-		snprintf(params + strlen(params), sizeof(params) - strlen(params), ", %s", buf);
-		PQescapeStringConn(pgsqlConn, buf, newval, sizeof(newval), &pgresult);
-		snprintf(vals + strlen(vals), sizeof(vals) - strlen(vals), ", '%s'", buf);
+		ESCAPE_STRING(buf, newparam);
+		ast_str_append(&sql1, 0, ", %s", buf->str);
+		ESCAPE_STRING(buf, newval);
+		ast_str_append(&sql2, 0, ", '%s'", buf->str);
 	}
 	va_end(ap);
-	snprintf(sql, sizeof(sql), "INSERT INTO (%s) VALUES (%s)", params, vals);
-
-	ast_debug(1, "PostgreSQL RealTime: Insert SQL: %s\n", sql);
-
-	if (!(result = PQexec(pgsqlConn, sql))) {
+	ast_str_append(&sql1, 0, "%s)", sql2->str);
+
+	ast_debug(1, "PostgreSQL RealTime: Insert SQL: %s\n", sql1->str);
+
+	if (!(result = PQexec(pgsqlConn, sql1->str))) {
 		ast_log(LOG_WARNING,
 				"PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
-		ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+		ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql1->str);
 		ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s\n", PQerrorMessage(pgsqlConn));
 		ast_mutex_unlock(&pgsql_lock);
+		ast_free(sql1);
+		ast_free(sql2);
+		ast_free(buf);
 		return -1;
 	} else {
 		ExecStatusType result_status = PQresultStatus(result);
@@ -710,16 +721,22 @@
 			&& result_status != PGRES_NONFATAL_ERROR) {
 			ast_log(LOG_WARNING,
 					"PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
-			ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+			ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql1->str);
 			ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s (%s)\n",
 						PQresultErrorMessage(result), PQresStatus(result_status));
 			ast_mutex_unlock(&pgsql_lock);
+			ast_free(sql1);
+			ast_free(sql2);
+			ast_free(buf);
 			return -1;
 		}
 	}
 
 	insertid = PQoidValue(result);
 	ast_mutex_unlock(&pgsql_lock);
+	ast_free(sql1);
+	ast_free(sql2);
+	ast_free(buf);
 
 	ast_debug(1, "PostgreSQL RealTime: row inserted on table: %s, id: %u\n", table, insertid);
 
@@ -740,8 +757,8 @@
 	PGresult *result = NULL;
 	int numrows = 0;
 	int pgresult;
-	char sql[256];
-	char buf[256], buf2[256];
+	struct ast_str *sql = ast_str_create(256);
+	struct ast_str *buf1 = ast_str_create(60), *buf2 = ast_str_create(60);
 	const char *newparam, *newval;
 
 	if (!table) {
@@ -774,25 +791,28 @@
 	/* Create the first part of the query using the first parameter/value pairs we just extracted
 	   If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
 
-	PQescapeStringConn(pgsqlConn, buf, keyfield, sizeof(keyfield), &pgresult);
-	PQescapeStringConn(pgsqlConn, buf2, lookup, sizeof(lookup), &pgresult);
-	snprintf(sql, sizeof(sql), "DELETE FROM %s WHERE %s = '%s'", table, buf, buf2);
+	ESCAPE_STRING(buf1, keyfield);
+	ESCAPE_STRING(buf2, lookup);
+	ast_str_set(&sql, 0, "DELETE FROM %s WHERE %s = '%s'", table, buf1->str, buf2->str);
 	while ((newparam = va_arg(ap, const char *))) {
 		newval = va_arg(ap, const char *);
-		PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
-		PQescapeStringConn(pgsqlConn, buf2, newval, sizeof(newval), &pgresult);
-		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s = '%s'", buf, buf2);
+		ESCAPE_STRING(buf1, newparam);
+		ESCAPE_STRING(buf2, newval);
+		ast_str_append(&sql, 0, " AND %s = '%s'", buf1->str, buf2->str);
 	}
 	va_end(ap);
 
-	ast_debug(1, "PostgreSQL RealTime: Delete SQL: %s\n", sql);
-
-	if (!(result = PQexec(pgsqlConn, sql))) {
+	ast_debug(1, "PostgreSQL RealTime: Delete SQL: %s\n", sql->str);
+
+	if (!(result = PQexec(pgsqlConn, sql->str))) {
 		ast_log(LOG_WARNING,
 				"PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
-		ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+		ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql->str);
 		ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s\n", PQerrorMessage(pgsqlConn));
 		ast_mutex_unlock(&pgsql_lock);
+		ast_free(buf1);
+		ast_free(buf2);
+		ast_free(sql);
 		return -1;
 	} else {
 		ExecStatusType result_status = PQresultStatus(result);
@@ -801,16 +821,22 @@
 			&& result_status != PGRES_NONFATAL_ERROR) {
 			ast_log(LOG_WARNING,
 					"PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
-			ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+			ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql->str);
 			ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s (%s)\n",
 						PQresultErrorMessage(result), PQresStatus(result_status));
 			ast_mutex_unlock(&pgsql_lock);
+			ast_free(buf1);
+			ast_free(buf2);
+			ast_free(sql);
 			return -1;
 		}
 	}
 
 	numrows = atoi(PQcmdTuples(result));
 	ast_mutex_unlock(&pgsql_lock);
+	ast_free(buf1);
+	ast_free(buf2);
+	ast_free(sql);
 
 	ast_debug(1, "PostgreSQL RealTime: Deleted %d rows on table: %s\n", numrows, table);

More information about the asterisk-commits mailing list