Joe Schaefer <joe+apache@sunstarsys.com> writes:
> 2) this code
>
>     if (rawQuery)
>         rawQuery = apr_pstrcat(r->pool, rawQuery, data, NULL);
>     else
>         rawQuery = (char *)data;
>
> is dangerous for two reasons: the allocator is quadratic (O(n^2)),
> and data may be a freed pointer by the time it's used later in the
> code. One way to fix the allocation issue, I think, is to use a
> doubling algorithm (always allocate twice the current length, and
> track how much is being used), but I haven't tested it, and that's not
> what apreq actually uses.

I've thought about this a bit more, and the technique I describe
should amount to a total allocation of not more than 4*size of input,
which is O(n) (and therefore ok). Do we all see the problem yet,
or should I fill in more of the details?
--
Joe Schaefer
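
The allocation argument in this message, as an added example (not code from the post or from apreq): a plain-C model that counts pool bytes consumed by the quoted concatenation loop and by a doubling buffer that copies each chunk. `pool_alloc`, `struct qbuf` and the function names are hypothetical, and `malloc` stands in for a pool that never releases memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a pool (not APR): nothing is returned until the pool
 * dies, so every request adds to the running total. */
static size_t pool_total;
static void *pool_alloc(size_t n) {
    void *p = malloc(n);
    if (!p) abort();
    pool_total += n;
    return p;
}

struct qbuf { char *s; size_t len, cap; };   /* hypothetical names */

/* Append by copying, so the caller's chunk may be freed afterwards. */
static void qbuf_append(struct qbuf *b, const char *data, size_t n) {
    if (b->len + n + 1 > b->cap) {
        size_t cap = b->cap ? b->cap : 16;
        while (cap < b->len + n + 1) cap *= 2;   /* double, never grow by n */
        char *s = pool_alloc(cap);
        if (b->len) memcpy(s, b->s, b->len);
        b->s = s; b->cap = cap;
    }
    memcpy(b->s + b->len, data, n);
    b->len += n;
    b->s[b->len] = '\0';
}

/* Pool bytes used by the quoted pstrcat loop: the first chunk is only
 * pointed at, every later chunk allocates a copy of everything so far. */
static size_t concat_total(size_t chunks, size_t chunk_len) {
    size_t total = 0;
    for (size_t i = 2; i <= chunks; i++) total += i * chunk_len + 1;
    return total;
}

/* Pool bytes used by the doubling buffer on the same input. */
static size_t doubling_total(size_t chunks, size_t chunk_len) {
    struct qbuf b = {0};
    char *chunk = malloc(chunk_len);
    if (!chunk) abort();
    memset(chunk, 'a', chunk_len);           /* constructed sample input */
    pool_total = 0;
    for (size_t i = 0; i < chunks; i++) qbuf_append(&b, chunk, chunk_len);
    free(chunk);                             /* safe: b.s is a private copy */
    return (b.s && strlen(b.s) == chunks * chunk_len) ? pool_total : 0;
}
int main(void) {
    printf("concat %zu, doubling %zu\n", concat_total(1000, 64), doubling_total(1000, 64));
}
```

For 1000 chunks of 64 bytes the doubling buffer stays under four times the input size, while the concatenation loop's total grows with the square of the chunk count.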