On 12/19/2012 02:33 PM, Kinkie wrote:
> there seems to be a buffer overrun in the Scoutcast related test in
> testHttpReply.
Indeed.
> The attached patch may address it - it's unclear to me whether the
> cstring-termination \0 should be appended to the MemBuf - I assume so as
> the test is not crashing, but you never know.
If the test is for parsing the header, then it does not matter whether 0
terminator is appended or not (it is not a part of the header). However,
it is best not to append it IMO: If there is a bug in headersEnd or
elsewhere, it would be slightly more likely to be exposed if the
terminator is not there.
> Unless the trailing garbage to the input is intentional, if so I'll mark
> the bug as intentional in coverity.
If the intent is to append garbage, the test code should be rewritten. I
do not think it is though.
Thank you,
Alex.
Received on Thu Dec 20 2012 - 17:08:21 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 21 2012 - 12:00:20 MST