apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: cvs commit: apr/strings apr_strings.c
Date Sun, 11 Feb 2001 16:32:19 GMT
Hmmm. Actually, this could improve its efficiency by only allocating
len+1 bytes if len < n. Should we do that?

Cheers,

Ben.

ben@apache.org wrote:
> 
> ben         01/02/11 08:25:08
> 
>   Modified:    strings  apr_strings.c
>   Log:
>   ap_pstrndup could have caused out-of-bounds memory accesses (this is a
>   theoretical problem that I happened to notice). Only lightly tested.
> 
>   Revision  Changes    Path
>   1.9       +7 -2      apr/strings/apr_strings.c
> 
>   Index: apr_strings.c
>   ===================================================================
>   RCS file: /home/cvs/apr/strings/apr_strings.c,v
>   retrieving revision 1.8
>   retrieving revision 1.9
>   diff -u -r1.8 -r1.9
>   --- apr_strings.c     2001/02/11 16:18:09     1.8
>   +++ apr_strings.c     2001/02/11 16:25:07     1.9
>   @@ -83,13 +83,18 @@
>    APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
>    {
>        char *res;
>   +    size_t len;
> 
>        if (s == NULL) {
>            return NULL;
>        }
>        res = apr_palloc(a, n + 1);
>   -    memcpy(res, s, n);
>   -    res[n] = '\0';
>   +    len = strlen(s);
>   +    if(len > n) {
>   +     memcpy(res, s, n);
>   +     res[n] = '\0';
>   +    } else
>   +     memcpy(res, s, len+1);
>        return res;
>    }
> 
> 
> 
> 

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message