|
/* Append the specified binary-safe string pointed by 't' of 'len' bytes to the |
|
* end of the specified sds string 's'. |
|
* |
|
* After the call, the passed sds string is no longer valid and all the |
|
* references must be substituted with the new pointer returned by the call. */ |
|
sds sdscatlen(sds s, const void *t, size_t len) { |
|
size_t curlen = sdslen(s); |
|
|
|
s = sdsMakeRoomFor(s,len); |
|
if (s == NULL) return NULL; |
|
memcpy(s+curlen, t, len); |
|
sdssetlen(s, curlen+len); |
|
s[curlen+len] = '\0'; |
|
return s; |
|
} |
Function sdscatlen calls sdsMakeRoomFor, which may fail due to memory management.
So there exists a potential NULL Pointer Dereference if we do check the return value of it.
We should check if s is NULL and then apply the follow-up operations, because the sdslen will dereference s directly.
|
sds sdscatrepr(sds s, const char *p, size_t len) { |
|
s = sdscatlen(s,"\"",1); |
|
while(len--) { |
|
switch(*p) { |
|
case '\\': |
|
case '"': |
|
s = sdscatprintf(s,"\\%c",*p); |
|
break; |
|
case '\n': s = sdscatlen(s,"\\n",2); break; |
|
case '\r': s = sdscatlen(s,"\\r",2); break; |
|
case '\t': s = sdscatlen(s,"\\t",2); break; |
|
case '\a': s = sdscatlen(s,"\\a",2); break; |
|
case '\b': s = sdscatlen(s,"\\b",2); break; |
|
default: |
|
if (isprint((int) *p)) |
|
s = sdscatprintf(s,"%c",*p); |
|
else |
|
s = sdscatprintf(s,"\\x%02x",(unsigned char)*p); |
|
break; |
|
} |
|
p++; |
|
} |
|
return sdscatlen(s,"\"",1); |
|
} |
