httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: svn commit: r490156 - /httpd/httpd/trunk/modules/metadata/mod_headers.c
Date Tue, 23 Jan 2007 23:48:01 GMT
On Tue, 23 Jan 2007 22:06:46 +0100
Ruediger Pluem <rpluem@apache.org> wrote:


> > -    /* Pass through %% as % */
> > -    if (*s == '%') {
> > +    /* Pass through %% or % at end of string as % */
> > +    if ((*s == '%') || (*s == '\0')) {
> >          tag->func = constant_item;
> >          tag->arg = "%";
> >          *sa = ++s;
> 
> Doesn't this create an off-by-one error?
> 
> Lets s look like the following: s = "%\0t"

%\0  ??  Oook!

> This would result in pointing *sa to t.
> 
> But in line 360 we have the following loop:
> 
>    while (*s) {
>         if ((res = parse_format_tag(p, (format_tag *)
> apr_array_push(hdr->ta), &s))) { return res;
>         }
>     }
> 
> It would then start to process the memory region starting with t with
> parse_format_tag.

Heh!

> I think the following should fix this:

Yep, looks right, thanks.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message