Main Page   Modules   Data Structures   File List   Data Fields   Related Pages  

Todo List

Global try_send_activation_failure (BusPendingActivation *pending_activation, const DBusError *how)
the error messages here would ideally be preallocated so we don't need to allocate memory to send them. Using the usual tactic, prealloc an OOM message, then if we can't alloc the real error send the OOM error instead.

Global dbus_parse_address (const char *address, DBusAddressEntry ***entry, int *array_len, DBusError *error)
document address format in the specification

need to be able to escape ';' and ',' in the key values, and the parsing needs to handle that.

Global _dbus_auth_decode_data (DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
We need to be able to distinguish "out of memory" error from "the data is hosed" error.

Global dbus_bus_acquire_service (DBusConnection *connection, const char *service_name, unsigned int flags, DBusError *error)
these docs are not complete, need to document the return value and flags

if we get an error reply, it has to be converted into DBusError and returned

Global dbus_bus_activate_service (DBusConnection *connection, const char *service_name, dbus_uint32_t flags, dbus_uint32_t *reply, DBusError *error)
document what the flags do

Global dbus_bus_get (DBusBusType type, DBusError *error)
alex thinks we should nullify the connection when we get a disconnect-message.

Global dbus_bus_register (DBusConnection *connection, DBusError *error)
if we get an error reply, it has to be converted into DBusError and returned

Global dbus_bus_service_exists (DBusConnection *connection, const char *service_name, DBusError *error)
the SERVICE_EXISTS message should use BOOLEAN not UINT32

Global _dbus_connection_handle_watch (DBusWatch *watch, unsigned int condition, void *data)
This is basically a hack - we could delete _dbus_transport_handle_watch() and the virtual handle_watch in DBusTransport if we got rid of it. The reason this is some work is threading, see the _dbus_connection_handle_watch() implementation.

Global _dbus_connection_handler_destroyed_locked (DBusConnection *connection, DBusMessageHandler *handler)
needs to check in pending_replies too.

Global dbus_connection_open (const char *address, DBusError *error)
specify what the address parameter is. Right now it's just the name of a UNIX domain socket. It should be something more complex that encodes which transport to use.

Global dbus_connection_register_handler (DBusConnection *connection, DBusMessageHandler *handler, const char **messages_to_handle, int n_messages)
the messages_to_handle arg may be more convenient if it's a single string instead of an array. Though right now MessageHandler is sort of designed to say be associated with an entire object with multiple methods, that's why for example the connection only weakrefs it. So maybe the "manual" API should be different.

Global dbus_connection_send_with_reply_and_block (DBusConnection *connection, DBusMessage *message, int timeout_milliseconds, DBusError *error)
could use performance improvements (it keeps scanning the whole message queue for example) and has thread issues, see comments in source

Global dbus_connection_set_watch_functions (DBusConnection *connection, DBusAddWatchFunction add_function, DBusRemoveWatchFunction remove_function, DBusWatchToggledFunction toggled_function, void *data, DBusFreeFunction free_data_function)
We need to drop the lock when we call the add/remove/toggled functions which can be a side effect of setting the watch functions.

Global dbus_connection_unref (DBusConnection *connection)
in practice it can be quite tricky to never unref a connection that's still connected; maybe there's some way we could avoid the requirement.

Global dbus_set_error (DBusError *error, const char *name, const char *message,...)
should be called dbus_error_set()

stdio.h shouldn't be included in this file, should write _dbus_string_append_printf instead

Global dbus_set_error_const (DBusError *error, const char *name, const char *message)
should be called dbus_error_set_const()

Global _dbus_keyring_validate_context (const DBusString *context)
this is the most inefficient implementation imaginable.

Global _dbus_verbose_bytes (const unsigned char *data, int len)
right now it prints even if not in verbose mode

Global _dbus_demarshal_byte_array (const DBusString *str, int byte_order, int pos, int *new_pos, unsigned char **array, int *array_len)
Should probably demarshal to a DBusString, having memcpy() in here is Evil(tm).

Global _dbus_demarshal_string (const DBusString *str, int byte_order, int pos, int *new_pos)
Should we check the string to make sure that it's valid UTF-8, and maybe "fix" the string if it's broken?

Should probably demarshal to a DBusString, having memcpy() in here is Evil(tm).

Global _dbus_marshal_string (DBusString *str, int byte_order, const char *value)
: If the string append fails we need to restore the old length. (also for other marshallers)

Global _dbus_marshal_validate_arg (const DBusString *str, int depth, int byte_order, int type, int array_type_pos, int pos, int *end_pos)
security: need to audit this function.

For array types that can't be invalid, we should not walk the whole array validating it. e.g. just skip all the int values in an int array.

Global _dbus_message_loader_get_buffer (DBusMessageLoader *loader, DBusString **buffer)
this function can be a lot more clever. For example it can probably always return a buffer size to read exactly the body of the next message, thus avoiding any memory wastage or reallocs.

we need to enforce a max length on strings in header fields.

Global dbus_message_append_args_valist (DBusMessage *message, int first_arg_type, va_list var_args)
: Shouldn't this function clean up the changes to the message on failures? (Yes)

Global dbus_message_get_args_valist (DBusMessage *message, DBusError *error, int first_arg_type, va_list var_args)
We need to free the argument data when an error occurs.

Global dbus_message_iter_get_args_valist (DBusMessageIter *iter, DBusError *error, int first_arg_type, va_list var_args)
this function (or some lower-level non-convenience function) needs better error handling; should allow the application to distinguish between out of memory, and bad data from the remote app. It also needs to not leak a bunch of args when it gets to the arg that's bad, as that would be a security hole (allow one app to force another to leak memory)

We need to free the argument data when an error occurs.

Global dbus_server_listen (const char *address, DBusError *error)
error messages on bad address could really be better. DBusResultCode is a bit limiting here.

Global _dbus_string_base64_decode (const DBusString *source, int start, DBusString *dest, int insert_at)
sort out the AUDIT comment in here. The case it mentions ("====" or "x===") is not allowed in correct base64, so need to decide what to do with that kind of input. Probably ignore it since we ignore any other junk seen.

Global _dbus_string_ends_with_c_str (const DBusString *a, const char *c_str)
memcmp might make this faster.

Global _dbus_string_equal (const DBusString *a, const DBusString *b)
memcmp is probably faster

Global _dbus_string_equal_len (const DBusString *a, const DBusString *b, int len)
write a unit test

memcmp is probably faster

Global _dbus_string_move_len (DBusString *source, int start, int len, DBusString *dest, int insert_at)
this doesn't do anything with max_length field. we should probably just kill the max_length field though.

Global _dbus_string_pop_line (DBusString *source, DBusString *dest)
owen correctly notes that this is a stupid function (it was written purely for test code, e.g. dbus-message-builder.c). Probably should be enforced as test code only with #ifdef DBUS_BUILD_TESTS

Global _dbus_string_replace_len (const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
optimize the case where the two lengths are the same, and avoid memmoving the data in the trailing part of the string twice.

avoid inserting the source into dest, then deleting the replaced chunk of dest (which creates a potentially large intermediate string). Instead, extend the replaced chunk of dest with padding to the same size as the source chunk, then copy in the source bytes.

Global _dbus_string_steal_data_len (DBusString *str, char **data_return, int start, int len)
this function is broken because on failure it may corrupt the source string.

Global _dbus_string_validate_ascii (const DBusString *str, int start, int len)
this is inconsistent with most of DBusString in that it allows a start,len range that isn't in the string.

Global _dbus_string_validate_name (const DBusString *str, int start, int len)
this is inconsistent with most of DBusString in that it allows a start,len range that isn't in the string.

Global _dbus_string_validate_nul (const DBusString *str, int start, int len)
this is inconsistent with most of DBusString in that it allows a start,len range that isn't in the string.

Global _dbus_string_validate_service (const DBusString *str, int start, int len)
this is inconsistent with most of DBusString in that it allows a start,len range that isn't in the string.

Global _dbus_string_validate_utf8 (const DBusString *str, int start, int len)
this is inconsistent with most of DBusString in that it allows a start,len range that isn't in the string.

Global _dbus_atomic_dec (DBusAtomic *atomic)
implement arch-specific faster atomic ops

Global _dbus_atomic_inc (DBusAtomic *atomic)
implement arch-specific faster atomic ops

Global _dbus_concat_dir_and_file (DBusString *dir, const DBusString *next_component)
it might be cute to collapse multiple '/' such as "foo//" concat "//bar"

Global _dbus_directory_get_next_file (DBusDirIter *iter, DBusString *filename, DBusError *error)
for thread safety, I think we have to use readdir_r(). (GLib has the same issue, should file a bug.)

Global _dbus_error_from_errno (int error_number)
should cover more errnos, specifically those from open().

Global _dbus_poll (DBusPollFD *fds, int n_fds, int timeout_milliseconds)
need a fallback implementation using select()

Global _dbus_setenv (const char *varname, const char *value)
if someone can verify it's safe, we could avoid the memleak when doing an unset.

Global _dbus_transport_new_for_domain_socket (const char *path, dbus_bool_t abstract, DBusError *error)
once we add a way to escape paths in a dbus address, this function needs to do escaping.

Global _dbus_transport_get_is_authenticated (DBusTransport *transport)
needs to drop connection->mutex when calling the unix_user_function

Global _dbus_transport_open (const char *address, DBusError *error)
error messages on bad address could really be better. DBusResultCode is a bit limiting here.

Global _dbus_watch_set_handler (DBusWatch *watch, DBusWatchHandler handler, void *data, DBusFreeFunction free_data_function)
this function only exists because of the weird way connection watches are done, see the note in docs for _dbus_connection_handle_watch().

Group DBusAuth
some SASL profiles require sending the empty string as a challenge/response, but we don't currently allow that in our protocol.

DBusAuth really needs to be rewritten as an explicit state machine. Right now it's too hard to prove to yourself by inspection that it works.

right now sometimes both ends will block waiting for input from the other end, e.g. if there's an error during DBUS_COOKIE_SHA1.

the cookie keyring needs to be cached globally not just per-auth (which raises threadsafety issues too)

grep FIXME in dbus-auth.c

Group DBusBus
right now the default address of the system bus is hardcoded, so if you change it in the global config file suddenly you have to set DBUS_SYSTEM_BUS_ADDRESS env variable. Might be nice if the client lib somehow read the config file, or if the bus on startup somehow wrote out its address to a well-known spot, but might also not be worth it.

Global _dbus_connection_queue_synthesized_message_link (DBusConnection *connection, DBusList *link)
This needs to wake up the mainloop if it is in a poll/select and this is a multithreaded app.

Group DBusKeyring
there's a memory leak on some codepath in here, I saw it once when running make check - probably some specific initial cookies present in the cookie file, then depending on what we do with them.

Global INITIAL_LOADER_DATA_LEN
this should be based on min header size plus some average body size, or something. Or rather, the min header size only, if we want to try to read only the header, store that in a DBusMessage, then read only the body and store that, etc., depends on how we optimize _dbus_message_loader_get_buffer() and what the exact message format is.

Global DBusMessageLoader
write tests for break-loader that a) randomly delete header fields and b) set string fields to zero-length and other funky values.

Global handle_new_client_fd (DBusServer *server, int client_fd)
unreffing the connection at the end may cause us to drop the last ref to the connection before disconnecting it. That is invalid.

Group DBusServer
Thread safety hasn't been looked at for DBusServer

Need notification to apps of disconnection, may matter for some transports

Global unix_do_iteration (DBusTransport *transport, unsigned int flags, int timeout_milliseconds)
We need to have a way to wake up the select sleep if a new iteration request comes in with a flag (read/write) that we're not currently serving. Otherwise a call that just reads could block a write call forever (if there are no incoming messages).

Generated on Wed Oct 22 14:05:06 2003 for D-BUS by doxygen1.3-rc3