httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re:
Date Thu, 16 Nov 2006 01:35:32 GMT
On Wed, 15 Nov 2006 21:33:07 +0100
Ruediger Pluem <> wrote:

> Because of your question I had to rewalk the code path and I think
> I found two other bugs with my code. I fixed them on trunk:

Hang on.  It's worse than that.  Or else I'm suffering 
"shouldn't be working in the wee hours" syndrome.

When you first set up the validation buffer, you copy available
data into it, and set validation_buffer_length.  Now the memcpy
in this section of code is overwriting validation_buffer,
when it should be appending to it.  Then you increment the
buffer_length, and decrement avail_in by the number of bytes
appended.  At that point, if avail_in is nonzero we might want
to log a warning of extra junk.


Why?  I'd like to understand what makes that necessary.

Edge-cases can be notoriously hard to test.  I wonder if there's
a compression/zlib test suite we could use?

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message