axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Heiner Marxen (JIRA)" <>
Subject [jira] [Created] (AXIS2C-1600) buffer overrun by patching NUL behind stream buffer
Date Thu, 21 Jun 2012 15:48:43 GMT
Heiner Marxen created AXIS2C-1600:

             Summary: buffer overrun by patching NUL behind stream buffer
                 Key: AXIS2C-1600
             Project: Axis2-C
          Issue Type: Bug
          Components: core/transport, util, xml/om
    Affects Versions: 1.6.0
            Reporter: Heiner Marxen

In functions axiom_data_source_serialize() and axis2_simple_http_svr_conn_write_respond()
the buffer obtained via axutil_stream_get_buffer() and axutil_stream_get_len() is terminated
with a NUL byte by patching behind the filled data. If the buffer is exactly full at that
time, that NUL is patched into not allocated memory, which may currupt the malloc memory arena
(corrupt the heap).

We have patched "stream.c" to always allocate one more byte than is necessary or used, so
that always at least one more byte of memory is allocated. That made our crashes go away.

A more clean solution would be to have stream.c offer a function that guarantees that additional
byte (eventually reallocating), which would be called prior to axutil_stream_get_buffer(),
whenever such a NUL byte patching is required.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message