[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: apr_token_* conclusions

From: Stefan Sperling <stsp_at_apache.org>
Date: Thu, 28 Jan 2016 08:15:23 +0100

On Wed, Jan 27, 2016 at 10:40:06PM -0600, William A Rowe Jr wrote:
> If you are new to the conversation, include/apr_cstr.h has absorbed much of
> the efforts of svn_cstring_* API's into apr_cstr_* functions.

I'm very happy to see our strtol()-wrappers in APR. These wrap the POSIX
functions with strict error checking. I hope this will encourage APR
consumers to routinely check for errors while parsing numbers rather than
trusting input. We did this for SVN and it caught a range of issues from
simple user input problems to detection of integer overflows caused by
repository on-disk corruption.

Note that we do have a special strtol() implementation for performance
critical paths in the repository filesystem code:

Some parts of the filesystem still use svn_cstring_strtoi64() instead
because they're either not performance critical or require specific
range checks.
Received on 2016-01-28 08:15:30 CET

This is an archived mail posted to the Subversion Dev mailing list.