Mercurial > octave-nkf
changeset 19438:c2f4f6eb5907
A few more instances of stricter input validation for strings (bug #42651).
* load-path.cc (Faddpath, Frmpath): Use is_string() to check string input.
* urlwrite.cc (Furlwrite, Furlread): Use is_string() to check string input.
* variables.cc (extract_function, set_internal_variable): Use is_string() to
check string input.
* ov-class.cc (Fclass): Use is_string() to check string input.
| author | Rik <rik@octave.org> |
|---|---|
| date | Tue, 16 Dec 2014 12:07:32 -0800 |
| parents | 03067dab10ca |
| children | cbce5d1bcaf9 |
| files | libinterp/corefcn/load-path.cc libinterp/corefcn/urlwrite.cc libinterp/corefcn/variables.cc libinterp/octave-value/ov-class.cc |
| diffstat | 4 files changed, 46 insertions(+), 40 deletions(-) [+] |
line wrap: on
line diff
--- a/libinterp/corefcn/load-path.cc Tue Dec 16 09:21:29 2014 -0800 +++ b/libinterp/corefcn/load-path.cc Tue Dec 16 12:07:32 2014 -0800 @@ -2437,10 +2437,10 @@ for (int i = 0; i < nargin; i++) { - std::string arg = args(i).string_value (); - - if (! error_state) + if (args(i).is_string ()) { + std::string arg = args(i).string_value (); + std::list<std::string> dir_elts = split_path (arg); if (! append) @@ -2506,10 +2506,9 @@ for (int i = 0; i < nargin; i++) { - std::string arg = args(i).string_value (); - - if (! error_state) + if (args(i).is_string ()) { + std::string arg = args(i).string_value (); std::list<std::string> dir_elts = split_path (arg); for (std::list<std::string>::const_iterator p = dir_elts.begin ();
--- a/libinterp/corefcn/urlwrite.cc Tue Dec 16 09:21:29 2014 -0800 +++ b/libinterp/corefcn/urlwrite.cc Tue Dec 16 12:07:32 2014 -0800 @@ -346,32 +346,37 @@ return retval; } - std::string url = args(0).string_value (); - - if (error_state) + if (! args(0).is_string ()) { error ("urlwrite: URL must be a string"); return retval; } - // name to store the file if download is succesful - // FIXME: Maybe use is_string () for better input validation. - std::string filename = args(1).string_value (); + std::string url = args(0).string_value (); - if (error_state) + if (! args(1).is_string ()) { error ("urlwrite: LOCALFILE must be a string"); return retval; } + // name to store the file if download is succesful + std::string filename = args(1).string_value (); + std::string method; Array<std::string> param; if (nargin == 4) { + if (! args(2).is_string ()) + { + error ("urlwrite: METHOD must be a string"); + return retval; + } + method = args(2).string_value (); - if (error_state || (method != "get" && method != "post")) + if (method != "get" && method != "post") { error ("urlwrite: METHOD must be \"get\" or \"post\""); return retval; @@ -498,24 +503,28 @@ return retval; } - // FIXME: Maybe use is_string () for better input validation. - std::string url = args(0).string_value (); - - if (error_state) + if (! args(0).is_string ()) { error ("urlread: URL must be a string"); return retval; } + std::string url = args(0).string_value (); + std::string method; Array<std::string> param; if (nargin == 3) { - // FIXME: Maybe use is_string () for better input validation. + if (! args(1).is_string ()) + { + error ("urlread: METHOD must be a string"); + return retval; + } + method = args(1).string_value (); - if (error_state || (method != "get" && method != "post")) + if (method != "get" && method != "post") { error ("urlread: METHOD must be \"get\" or \"post\""); return retval;
--- a/libinterp/corefcn/variables.cc Tue Dec 16 09:21:29 2014 -0800 +++ b/libinterp/corefcn/variables.cc Tue Dec 16 12:07:32 2014 -0800 @@ -150,16 +150,14 @@ if (! retval) { - // FIXME: Should is_string () be used instead which will warn more - // broadly about incorrect input? - std::string s = arg.string_value (); - - std::string cmd = header; - cmd.append (s); - cmd.append (trailer); - - if (! error_state) + if (arg.is_string ()) { + std::string s = arg.string_value (); + + std::string cmd = header; + cmd.append (s); + cmd.append (trailer); + int parse_status; eval_string (cmd, true, parse_status, 0); @@ -938,17 +936,17 @@ if (nargin == 1) { - std::string sval = args(0).string_value (); - - if (! error_state) + if (args(0).is_string ()) { + std::string sval = args(0).string_value (); + if (empty_ok || ! sval.empty ()) var = sval; else error ("%s: value must not be empty", nm); } else - error ("%s: expecting arg to be a string", nm); + error ("%s: first argument must be a string", nm); } else if (nargin > 1) print_usage (); @@ -979,10 +977,10 @@ if (nargin == 1) { - std::string sval = args(0).string_value (); - - if (! error_state) + if (args(0).is_string ()) { + std::string sval = args(0).string_value (); + int i = 0; for (; i < nchoices; i++) { @@ -996,7 +994,7 @@ error ("%s: value not allowed (\"%s\")", nm, sval.c_str ()); } else - error ("%s: expecting arg to be a string", nm); + error ("%s: first argument must be a string", nm); } else if (nargin > 1) print_usage ();
--- a/libinterp/octave-value/ov-class.cc Tue Dec 16 09:21:29 2014 -0800 +++ b/libinterp/octave-value/ov-class.cc Tue Dec 16 12:07:32 2014 -0800 @@ -1875,10 +1875,10 @@ // Called as class constructor octave_function *fcn = octave_call_stack::caller (); - std::string id = args(1).string_value (); + if (args(1).is_string ()) + { + std::string id = args(1).string_value (); - if (! error_state) - { if (fcn) { if (fcn->is_class_constructor (id) || fcn->is_class_method (id))