pcp

Another thread-safe issue

To: pcp@xxxxxxxxxxx
Subject: Another thread-safe issue
From: Ken McDonell <kenj@xxxxxxxxxxxxxxxx>
Date: Wed, 23 Mar 2011 07:37:18 +1100
Reply-to: kenj@xxxxxxxxxxxxxxxx

In several places within libpcp we return a pointer to a static
buffer ... since the buffer contents are not constant, this is not
thread-safe.

The routines are: pmAtomStr, pmTypeStr, pmUnitsStr, pmIDStr, pmInDomStr,
__pmLogName, pmNumberStr, __pmPDUTypeStr and __pmTimezone.

There are 3 possible fixes:

1. UCB-style, add func_r variants with an additional parameter that is
the buffer of an assumed sufficient size.

2. Change the API semantics to return malloc'd buffers that the caller
must free.

3. POSIX-style, add new functions for each, with an additional pair of
arguments at the beginning to identify a caller allocated buffer and the
length of that buffer (e.g. strftime) ... and discourage the use of the
old functions.

Thoughts?

I really don't like 1. or 3. as they confuse and pollute the API and
arbitrary apps can still invoke the thread-unsafe versions of the
routines by error or oversight.

2. means more work for the caller, and in the likely bad case some
memory leakage, and in the no-memory corner cases returning NULL with no
explanation and the caller will probably not handle this elegantly
(although it is a toss up between exit(1), abort() and SIGSEGV as far as
the punter is concerned).

I'm really open to suggestions here, as none of the options are all that
attractive to my old eyes.

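The three candidate shapes sketched in the message, side by side with the static-buffer pattern they would replace, as an added example that is not part of the original post or of libpcp. The identifier encoding (8-bit domain, 12-bit cluster, 10-bit item packed into 32 bits), the `toy_` names and the `TOY_IDSTR_LEN` bound are assumptions for the demonstration, not PCP's real pmID layout or API:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical packed identifier, assumed for illustration only:
 * 8-bit domain, 12-bit cluster, 10-bit item (not PCP's actual pmID layout). */
typedef uint32_t toy_id_t;

#define TOY_DOMAIN(id)  (((id) >> 22) & 0xffu)
#define TOY_CLUSTER(id) (((id) >> 10) & 0xfffu)
#define TOY_ITEM(id)    ((id) & 0x3ffu)

static toy_id_t toy_id(unsigned domain, unsigned cluster, unsigned item)
{
    return ((domain & 0xffu) << 22) | ((cluster & 0xfffu) << 10) | (item & 0x3ffu);
}

/* Worst case "255.4095.1023" is 13 characters plus the terminating NUL. */
#define TOY_IDSTR_LEN 14

/* 0. The pattern under discussion: one static buffer shared by every caller,
 *    so the result is valid only until the next call from any thread. */
const char *toy_idstr(toy_id_t id)
{
    static char buf[TOY_IDSTR_LEN];
    snprintf(buf, sizeof(buf), "%u.%u.%u", TOY_DOMAIN(id), TOY_CLUSTER(id), TOY_ITEM(id));
    return buf;
}

/* 1. UCB-style _r variant: the caller passes a buffer that is simply assumed
 *    to hold TOY_IDSTR_LEN bytes; nothing checks that it does. */
char *toy_idstr_r(toy_id_t id, char *buf)
{
    snprintf(buf, TOY_IDSTR_LEN, "%u.%u.%u", TOY_DOMAIN(id), TOY_CLUSTER(id), TOY_ITEM(id));
    return buf;
}

/* 2. malloc'd result: the caller owns and must free() it; NULL means the
 *    allocation failed and the caller has to handle that itself. */
char *toy_idstr_alloc(toy_id_t id)
{
    char *buf = malloc(TOY_IDSTR_LEN);
    if (buf == NULL)
        return NULL;
    snprintf(buf, TOY_IDSTR_LEN, "%u.%u.%u", TOY_DOMAIN(id), TOY_CLUSTER(id), TOY_ITEM(id));
    return buf;
}

/* 3. POSIX/strftime-style: caller buffer and its length lead the argument
 *    list. Returns the number of characters written (excluding the NUL), or
 *    0 with an empty buffer when len is too small, mirroring strftime. */
size_t toy_idstr_n(char *buf, size_t len, toy_id_t id)
{
    int n = snprintf(buf, len, "%u.%u.%u", TOY_DOMAIN(id), TOY_CLUSTER(id), TOY_ITEM(id));
    if (n < 0 || (size_t)n >= len) {
        if (len > 0)
            buf[0] = '\0';
        return 0;
    }
    return (size_t)n;
}

/* Shows the hazard of variant 0 deterministically, without threads: keeping
 * the first result across a second call is enough to see it overwritten.
 * Returns 1 when both pointers alias and the first string has been lost. */
int toy_static_clobbered(void)
{
    const char *a = toy_idstr(toy_id(1, 2, 3));
    const char *b = toy_idstr(toy_id(4, 5, 6));
    return a == b && strcmp(a, "4.5.6") == 0;
}

int main(void)
{
    char buf[TOY_IDSTR_LEN];
    char small[4];
    char *m;

    printf("static result clobbered by second call: %d\n", toy_static_clobbered());
    printf("_r variant:     %s\n", toy_idstr_r(toy_id(1, 2, 3), buf));
    m = toy_idstr_alloc(toy_id(4, 5, 6));
    if (m != NULL) {
        printf("malloc variant: %s\n", m);
        free(m);
    }
    printf("_n variant:     %zu chars, \"%s\"\n",
           toy_idstr_n(buf, sizeof(buf), toy_id(255, 4095, 1023)), buf);
    printf("_n too small:   %zu chars, \"%s\"\n",
           toy_idstr_n(small, sizeof(small), toy_id(255, 4095, 1023)), small);
    return 0;
}
```

Only variant 3 lets the callee refuse an undersized buffer; variant 1 trusts the caller's sizing, and variant 2 moves the failure to the allocator and the cleanup to the caller, which is the leak and NULL-handling trade-off the message describes.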