--- lbbs/src/article_favor.c 2025/10/15 00:45:52 1.1 +++ lbbs/src/article_favor.c 2025/10/15 03:02:17 1.3 @@ -20,6 +20,7 @@ #include "log.h" #include #include +#include ARTICLE_FAVOR BBS_article_favor; @@ -41,7 +42,6 @@ int article_favor_load(int uid, ARTICLE_ if (uid == 0) { p_favor->aid_base_cnt = 0; - p_favor->aid_base = NULL; if (!keep_inc) { @@ -66,25 +66,24 @@ int article_favor_load(int uid, ARTICLE_ log_error("Query article_favorite error: %s\n", mysql_error(db)); return -3; } - if ((rs = mysql_store_result(db)) == NULL) + if ((rs = mysql_use_result(db)) == NULL) { log_error("Get article_favorite data failed\n"); return -3; } p_favor->aid_base_cnt = 0; - p_favor->aid_base = malloc(sizeof(int32_t) * mysql_num_rows(rs)); - if (p_favor->aid_base == NULL) - { - log_error("malloc(INT32 * %d) error: OOM\n", mysql_num_rows(rs)); - mysql_free_result(rs); - mysql_close(db); - return -4; - } while ((row = mysql_fetch_row(rs))) { - p_favor->aid_base[(p_favor->aid_base_cnt)++] = atoi(row[0]); + p_favor->aid_base[p_favor->aid_base_cnt] = atoi(row[0]); + (p_favor->aid_base_cnt)++; + if (p_favor->aid_base_cnt >= MAX_FAVOR_AID_BASE_CNT) + { + log_error("Too many article_favorite records for uid=%d\n", + uid); + break; + } } mysql_free_result(rs); @@ -108,12 +107,7 @@ int article_favor_unload(ARTICLE_FAVOR * return -1; } - if (p_favor->aid_base != NULL) - { - free(p_favor->aid_base); - p_favor->aid_base = NULL; - p_favor->aid_base_cnt = 0; - } + p_favor->aid_base_cnt = 0; return 0; } @@ -232,9 +226,9 @@ int article_favor_save_inc(const ARTICLE int article_favor_merge_inc(ARTICLE_FAVOR *p_favor) { - int32_t *aid_new; - int aid_new_cnt; + int32_t aid_new[MAX_FAVOR_AID_BASE_CNT]; int i, j, k; + int len; if (p_favor == NULL) { 
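Review bot: With `mysql_use_result()` the `while ((row = mysql_fetch_row(rs)))` loop in article_favor_load (hunk @@ -66,25 +66,24 @@) can no longer tell end-of-data from a mid-stream failure, because `mysql_fetch_row()` returns NULL for both on an unbuffered result. A connection error part-way through would leave a shortened aid_base list that is then treated as the user's complete favorites. I would add a check after the loop, `if (mysql_errno(db) != 0) { log_error("Fetch article_favorite error: %s\n", mysql_error(db)); /* same cleanup path as the other -3 returns */ }`. The cleanup and return code sits outside this hunk, so that part needs adapting. Separately, the "Too many article_favorite records" message fires as soon as the count reaches exactly MAX_FAVOR_AID_BASE_CNT, before it is known that another row exists.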
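Review bot: `int32_t aid_new[MAX_FAVOR_AID_BASE_CNT];` (hunk @@ -232,9 +226,9 @@) puts the whole scratch copy of the favorites list on the stack of article_favor_merge_inc. The value of MAX_FAVOR_AID_BASE_CNT is not visible in this diff, so the frame size should be confirmed against the stack limit of whatever thread or process runs the merge. If the project builds as C11, an assertion next to the declaration would make that budget explicit, e.g. `_Static_assert(sizeof(int32_t) * MAX_FAVOR_AID_BASE_CNT <= 64 * 1024, "aid_new too large for the stack");` (the 64 KiB limit is a constructed example, not a project value). The function body continues outside this hunk.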
@@ -247,16 +241,7 @@ int article_favor_merge_inc(ARTICLE_FAVO return 0; } - aid_new_cnt = p_favor->aid_base_cnt + p_favor->aid_inc_cnt; - - aid_new = malloc(sizeof(int32_t) * (size_t)aid_new_cnt); - if (aid_new == NULL) - { - log_error("malloc(INT32 * %d) error: OOM\n", aid_new_cnt); - return -2; - } - - for (i = 0, j = 0, k = 0; i < p_favor->aid_base_cnt && j < p_favor->aid_inc_cnt;) + for (i = 0, j = 0, k = 0; i < p_favor->aid_base_cnt && j < p_favor->aid_inc_cnt && k < MAX_FAVOR_AID_BASE_CNT;) { if (p_favor->aid_base[i] == p_favor->aid_inc[j]) // XOR - discard duplicate pair { @@ -273,15 +258,35 @@ int article_favor_merge_inc(ARTICLE_FAVO } } - memcpy(aid_new + k, p_favor->aid_base + i, sizeof(int32_t) * (size_t)(p_favor->aid_base_cnt - i)); - k += (p_favor->aid_base_cnt - i); - memcpy(aid_new + k, p_favor->aid_inc + j, sizeof(int32_t) * (size_t)(p_favor->aid_inc_cnt - j)); - k += (p_favor->aid_inc_cnt - j); + len = MIN(p_favor->aid_base_cnt - i, MAX_FAVOR_AID_BASE_CNT - k); + if (len > 0) + { + memcpy(aid_new + k, p_favor->aid_base + i, + sizeof(int32_t) * (size_t)len); + i += len; + k += len; + } + if (i < p_favor->aid_base_cnt) + { + log_error("Too many base aids, %d will be discarded\n", p_favor->aid_base_cnt - i); + } - free(p_favor->aid_base); - p_favor->aid_base = aid_new; - p_favor->aid_base_cnt = k; + len = MIN(p_favor->aid_inc_cnt - j, MAX_FAVOR_AID_BASE_CNT - k); + if (len > 0) + { + memcpy(aid_new + k, p_favor->aid_inc + j, + sizeof(int32_t) * (size_t)len); + j += len; + k += len; + } + if (j < p_favor->aid_inc_cnt) + { + log_error("Too many inc aids, %d will be discarded\n", p_favor->aid_inc_cnt - j); + } + memcpy(p_favor->aid_base, aid_new, sizeof(int32_t) * (size_t)k); + + p_favor->aid_base_cnt = k; p_favor->aid_inc_cnt = 0; return 0; 
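Review bot: When the merged list would exceed MAX_FAVOR_AID_BASE_CNT, the new tail-copy code in hunk @@ -273,15 +258,35 @@ only logs "will be discarded" and then falls through to `p_favor->aid_inc_cnt = 0;` and `return 0;`. The caller is told the merge succeeded while ids from aid_base or aid_inc have been dropped from memory and cannot be retried. Whether that is acceptable depends on the callers and on article_favor_save_inc, neither of which is visible here. At minimum the contract deserves a comment above the function, such as `// Keeps at most MAX_FAVOR_AID_BASE_CNT ids; overflow is logged and dropped, return value stays 0`. The same truncation is introduced by the `k < MAX_FAVOR_AID_BASE_CNT` loop condition in the preceding hunk, and the function starts outside both hunks.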
@@ -393,9 +398,11 @@ int article_favor_set(int32_t aid, ARTIC if (aid == p_favor->aid_inc[left] && p_favor->aid_inc_cnt > 0) // Unset { - for (i = left; i < p_favor->aid_inc_cnt - 1; i++) + if (p_favor->aid_inc_cnt > left + 1) { - p_favor->aid_inc[i] = p_favor->aid_inc[i + 1]; + memmove(p_favor->aid_inc + left, + p_favor->aid_inc + left + 1, + sizeof(int32_t) * (size_t)(p_favor->aid_inc_cnt - left - 1)); } (p_favor->aid_inc_cnt)--; @@ -429,9 +436,11 @@ int article_favor_set(int32_t aid, ARTIC right = left + 1; } - for (i = p_favor->aid_inc_cnt - 1; i >= right; i--) + if (p_favor->aid_inc_cnt > right) { - p_favor->aid_inc[i + 1] = p_favor->aid_inc[i]; + memmove(p_favor->aid_inc + right + 1, + p_favor->aid_inc + right, + sizeof(int32_t) * (size_t)(p_favor->aid_inc_cnt - right)); } p_favor->aid_inc[right] = aid;
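Review bot: Once both shift loops are replaced by `memmove()` (hunk @@ -393,9 +398,11 @@ and hunk @@ -429,9 +436,11 @@), the index variable `i` of article_favor_set appears to have no remaining use in the visible code. Its declaration is outside these hunks, so confirm that and drop it to avoid an unused-variable warning. The second `memmove` shifts elements up to index `aid_inc_cnt`, and the following `p_favor->aid_inc[right] = aid;` then grows the list by one. Both therefore rely on a capacity check on aid_inc earlier in the function that these hunks do not show. A one-line comment at that memmove, e.g. `// precondition: aid_inc_cnt is below the capacity of aid_inc (checked above)`, would record the bound next to the write that depends on it.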