[OPEN-ILS-DEV] PATCH: utils.h (OSRF_BUFFER_ADD_CHAR)

Bill Erickson erickson at esilibrary.com
Sun Nov 16 21:58:59 EST 2008


> This patch fixes a bug in the OSRF_BUFFER_ADD_CHAR macro.
>
> Like the corresponding buffer_add_char function, this macro appends a
> specified character to a growing_buffer.  Unlike the function, however,
> the
> existing version of the macro does not also append a terminal nul.
>
> This bug had gone unnoticed because, most of the time, the rest of the
> buffer is already filled with nuls, left over from the initial creation of
> the growing_buffer.  I stumbled across the problem when, in the course of
> writing a test harness for some other changes, I called buffer_reset()
> in order to reuse an existing growing_buffer instead of destroying and
> re-creating it.
>
> With debugging turned on, buffer_reset() fills the buffer with exclamation
> points, leaving a nul only in the very last byte.  Later, if we use
> buffer_add() or buffer_fadd() to extend the string stored in the
> growing_buffer, it uses strcat() to append the new characters.  The result
> is a buffer overflow.
>
> Actually buffer_reset() should place a nul in the first byte of the
> buffer.
> Tomorrow I shall submit a patch to that effect.


Hey, Scott!  It's good to hear from you.

Patch is applied with thanks.

-b


-- 
Bill Erickson
| VP, Software Development & Integration
| Equinox Software, Inc. / The Evergreen Experts
| phone: 877-OPEN-ILS (673-6457)
| email: erickson at esilibrary.com
| web: http://esilibrary.com



More information about the Open-ils-dev mailing list