diff options
| author | Alejandro Colomar <alx@nginx.com> | 2022-10-29 23:23:06 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2022-11-12 20:22:07 +0100 |
| commit | 317a217bf8fa6c31c1b48193941a50ef64c155ab (patch) | |
| tree | f11bea88873d44b81e2d158e75a34e043d40205a | |
| parent | 3bbb13b7d2275adbeef528cebf8bd9e8a5a07696 (diff) | |
| download | unit-317a217bf8fa6c31c1b48193941a50ef64c155ab.tar.gz unit-317a217bf8fa6c31c1b48193941a50ef64c155ab.tar.bz2 | |
Using nxt_nitems() instead of sizeof() for strings (arrays).
sizeof() should never be used to get the size of an array. It is
very unsafe, since arrays easily decay to pointers, and sizeof()
applied to a pointer gives false results that compile and produce
silent bugs.
It's better to use nxt_items(), which implements sizeof()
division, which recent compilers warn when used with pointers.
This change would have avoided a bug that we almost introduced
recently by using:
nxt_str_set(&port, (r->tls ? "https://" : "http://"));
which in the macro expansion runs:
(&port)->length = nxt_length((r->tls ? : "https://" : "http://"));
which evaluates to:
port.length = sizeof(r->tls ? "https://" : "http://") - 1;
which evaluates to:
port.length = 8 - 1;
Of course, we didn't want a compile-time-constant 8 there, but
rather the length of the string.
Link: <https://stackoverflow.com/a/57537491>
Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
| -rw-r--r-- | src/nxt_clang.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nxt_clang.h b/src/nxt_clang.h index 94638346..6803ffc8 100644 --- a/src/nxt_clang.h +++ b/src/nxt_clang.h @@ -252,7 +252,7 @@ nxt_popcount(unsigned int x) #define nxt_length(s) \ - (sizeof(s) - 1) + (nxt_nitems(s) - 1) #endif /* _NXT_CLANG_H_INCLUDED_ */ |