Actions
Bug #1837
closedoverflow in buffer.c function
ASK QUESTIONS IN Forums:
Description
// lighttpd-1.4.19 buffer.c
int buffer_append_string_rfill(buffer *b, const char *s, size_t maxlen);
It use buffer_prepare_append(b, maxlen + 1) to enlarge the b's size.
But if (maxlen+1) < strlen(s), the following memcpy() will cause overflow.
Updated by icy about 16 years ago
- Category set to core
- Assignee set to jan
- Target version set to 1.4.21
Nice find. A good thing: the function isn't used anywhere in the source. :)
Updated by stbuehler almost 16 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset r2380.
Actions
Also available in: Atom