sponsored links

Collapse

Announcement

Collapse
No announcement yet.

HTTPAPI's use of varsize? How does it know how much to use?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTPAPI's use of varsize? How does it know how much to use?

    I am looking at the RPG parameter definitions for HTTP_req()
    Response data can be returned either to an IFS file, or via the 16MBm ResultStr parameter. ResultStr is defined as *varsize, so it will accept a smaller variable in that parameter.

    System API's that do similar usually have a separate length parameter to define how long the variable actually is, so that the API does not read/write past the end. But HTTP_req() does not have a length parameter
    My question then, is how does HTTPAPI know how long the parameter actually is so it doesn't write past the end? Or does it not know, and it relies on the developer using a variable large enough to handle any possible response value?

  • #2
    In theory because it is a VarChar (varying) field - so the length is carried in the first 2 bytes of the field. However, it does look a bit odd that it is declared as *Varsize and there is no mention (at least in the protos) that it should be set to its maximum length prior to the call. So yes - at first glance it is possible that buffer over-run could occur.

    Hopefully Scott will chime in and reassure us!

    Comment


    • #3
      Makes sense, but if it's over 32k then it will have a 4 byte size prefix, not a 2 byte?

      Comment


      • #4
        Originally posted by Vectorspace View Post
        Makes sense, but if it's over 32k then it will have a 4 byte size prefix, not a 2 byte?
        True - which makes the current proto even more surprising! When I finally get done with switching the RPG & DB2 Summit to "virtual" mode I must play some because it seems to me that could be a real problem. But it is Scott's stuff so I'm assuming that I'm missing something!

        Comment


        • #5
          It uses a feature of ILE called "operational descriptors". Under the covers, the system will pass the size of your variable to HTTPAPI. HTTPAPI will ensure that it does not overrun the size of the variable.

          Comment


          • #6
            Ah ... and that was what I was missing. That explains it.

            Comment

            Working...
            X