From: Andre Noll Date: Tue, 13 Jun 2017 20:33:26 +0000 (+0200) Subject: filter: Handle bad filter numbers gracefully. X-Git-Tag: v0.6.1~73 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=c6dc6e36a70e580892d8bc190cd41376f449bdfd;p=paraslash.git filter: Handle bad filter numbers gracefully. This modifies filter_get() to return NULL if an invalid filter number is given, rather than aborting the process. This way applications can loop over all filters without having to include filter_cmd.lsg.h. filter_name(), which also receives a filter number, has no such sanity check and could possibly access uninitialized memory if an invalid argument was passed. This commit adds the check and makes the function return NULL in this case, just like filter_get(). Moreover, the function lacked documentation, so let's add it now. --- diff --git a/filter_common.c b/filter_common.c index 991b3a1e..b406951e 100644 --- a/filter_common.c +++ b/filter_common.c @@ -28,15 +28,15 @@ * * \param filter_num Between zero and NUM_SUPPORTED_FILTERS, inclusively. * - * \return Pointer to the filter identified by the given filter number. + * \return Pointer to the filter identified by the given filter number, or + * NULL if the filter number is out of range. * - * It is a fatal error if the given number is out of range. In this case - * the function aborts. + * \sa filter_name(). */ const struct filter *filter_get(int filter_num) { - assert(filter_num >= 1); - assert(filter_num <= LSG_NUM_FILTER_CMD_SUBCOMMANDS); + if (filter_num < 1 || filter_num > LSG_NUM_FILTER_CMD_SUBCOMMANDS) + return NULL; return lls_user_data(FILTER_CMD(filter_num)); } @@ -45,8 +45,18 @@ static inline bool filter_supported(int filter_num) return lls_user_data(FILTER_CMD(filter_num)); } +/** + * Return the name of a filter, given its number. + * + * \param filter_num See \ref filter_get(). + * + * \return A pointer to a string literal, or NULL if filter_num is out of + * range. The caller must not attempt to call free(3) on the returned pointer. + */ const char *filter_name(int filter_num) { + if (filter_num < 1 || filter_num > LSG_NUM_FILTER_CMD_SUBCOMMANDS) + return NULL; return lls_command_name(FILTER_CMD(filter_num)); }