[ZBX-7206] dangerous code for define with + or - Created: 2013 Oct 25  Updated: 2017 May 30  Resolved: 2013 Oct 25

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Server (S)
Affects Version/s: 2.0.9
Fix Version/s: 2.1.9

Type: Incident report Priority: Minor
Reporter: MATSUDA Daiki Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

There is a lot of dangerous code in all versions of Zabbix.

For example, in include/db.h
#define TRIGGER_EXPRESSION_LEN_MAX TRIGGER_EXPRESSION_LEN+1

It should be wrapped in parentheses (), as follows:
#define TRIGGER_EXPRESSION_LEN_MAX (TRIGGER_EXPRESSION_LEN+1)

The reason is as follows:
int a = TRIGGER_EXPRESSION_LEN_MAX * 4;

The programmer thinks a is TRIGGER_EXPRESSION_LEN * 4 + 4. But a is TRIGGER_EXPRESSION_LEN + 4.
It is just an amateur's mistake!



 Comments   
Comment by Aleksandrs Saveljevs [ 2013 Oct 25 ]

We thought about this a couple of years back and decided to leave as is, because we never use expressions like "TRIGGER_EXPRESSION_LEN_MAX * n" in our code. So it is never a real problem and we were conscious of that.

Still, we agree that good style is to wrap arithmetic expressions in parentheses, so we addressed your suggestion in the development branch svn://svn.zabbix.com/branches/dev/ZBX-7206 .

Comment by Alexander Vladishev [ 2013 Oct 28 ]

Successfully tested!

Comment by Aleksandrs Saveljevs [ 2013 Oct 28 ]

Fixed in pre-2.1.9 (trunk) r39604.
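
The precedence problem from the description, as an added C example (not Zabbix code): it sizes a buffer with both macro forms and adds a compile-time check that rejects an unparenthesized body. The value 255 for TRIGGER_EXPRESSION_LEN is constructed, and the _BAD/_OK suffixes, MACRO_IS_ATOMIC and the helper functions are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed value for this example; the issue does not state the real one. */
#define TRIGGER_EXPRESSION_LEN 255

/* Form reported in the issue; the _BAD and _OK suffixes are hypothetical. */
#define TRIGGER_EXPRESSION_LEN_MAX_BAD TRIGGER_EXPRESSION_LEN+1
/* Form proposed in the issue. */
#define TRIGGER_EXPRESSION_LEN_MAX_OK (TRIGGER_EXPRESSION_LEN+1)

/* Hypothetical guard: 1 if M expands to a single operand, 0 if operators
 * next to M bind into its expansion. M is placed between two multiplications,
 * once bare and once parenthesized, and the two results are compared.
 * Heuristic: a few values (here TRIGGER_EXPRESSION_LEN == -1) compare equal. */
#define MACRO_IS_ATOMIC(M) ((2 * M * 2) == (2 * (M) * 2))

/* The build fails here if someone drops the parentheses from the _OK form. */
_Static_assert(MACRO_IS_ATOMIC(TRIGGER_EXPRESSION_LEN_MAX_OK),
               "macro body must be parenthesized");

/* Bytes for `count` expression buffers, sized with each form. */
size_t bytes_bad(size_t count) { return TRIGGER_EXPRESSION_LEN_MAX_BAD * count; } /* 255 + 1*count */
size_t bytes_ok(size_t count)  { return TRIGGER_EXPRESSION_LEN_MAX_OK * count; }  /* (255+1)*count */

/* Bytes by which an allocation sized with the _BAD form is too small (count >= 1). */
size_t shortfall(size_t count) { return bytes_ok(count) - bytes_bad(count); }

int main(void)
{
    size_t n = 4; /* same multiplier as the example in the description */

    printf("bad form:  %zu bytes\n", bytes_bad(n));
    printf("ok form:   %zu bytes\n", bytes_ok(n));
    printf("shortfall: %zu bytes\n", shortfall(n));
    printf("bad form passes guard: %d\n",
           MACRO_IS_ATOMIC(TRIGGER_EXPRESSION_LEN_MAX_BAD));
    return 0;
}
```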
