Re: [PATCH] Fix for coverity scan issue 740413

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Dec 2012 20:07:35 +1300

On 21/12/2012 6:08 a.m., Alex Rousskov wrote:
> On 12/19/2012 02:33 PM, Kinkie wrote:
>> there seems to be a buffer overrun in the Shoutcast related test in
>> testHttpReply.
> Indeed.
>
>
>> The attached patch may address it - it's unclear to me whether the
>> cstring-termination \0 should be appended to the MemBuf - I assume so as
>> the test is not crashing, but you never know.
> If the test is for parsing the header, then it does not matter whether 0
> terminator is appended or not (it is not a part of the header). However,
> it is best not to append it IMO: If there is a bug in headersEnd or
> elsewhere, it would be slightly more likely to be exposed if the
> terminator is not there.
>
>
>> Unless the trailing garbage to the input is intentional, if so I'll mark
>> the bug as intentional in coverity.
> If the intent is to append garbage, the test code should be rewritten. I
> do not think it is though.

It was a copy-n-paste error that one. The tests for garbage have
explicitly chosen invalid octets appended to test the various edge cases.

Amos
Received on Fri Dec 21 2012 - 07:07:48 MST
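
Alex Rousskov's point about leaving the 0 terminator out of the test input, as an added example that is not part of the original thread or of Squid's code. Both scanners and the guard-byte layout are hypothetical stand-ins, not Squid's headersEnd or MemBuf, and the sample input is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical bounded scanner: offset just past the first CRLF CRLF inside
// buf[0..len), or 0 when the headers are still incomplete.
size_t headersEndBounded(const char *buf, size_t len) {
    for (size_t i = 0; i + 4 <= len; ++i)
        if (std::memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

// Hypothetical buggy scanner: ignores len and trusts a 0 terminator.
size_t headersEndUnbounded(const char *buf, size_t /*len*/) {
    const char *p = std::strstr(buf, "\r\n\r\n");
    return p ? static_cast<size_t>(p - buf) + 4 : 0;
}

using Scanner = size_t (*)(const char *, size_t);

// Lays memory out as [payload][optional 0][guard bytes][0] and reports
// whether the scanner returned an offset beyond the declared length.
// The length comes from payload.size(), never from a hand-typed number.
bool overreads(Scanner scan, const std::string &payload, bool appendTerminator) {
    std::string arena = payload;
    if (appendTerminator)
        arena.push_back('\0');
    arena += "\r\n\r\n";  // guard bytes that sit outside the declared length
    return scan(arena.c_str(), payload.size()) > payload.size();
}

// Constructed sample: a status line with no blank line after it yet.
const std::string kIncomplete = "ICY 200 OK\r\n";

int main() {
    std::printf("unbounded, terminator appended: overread=%d\n",
                overreads(headersEndUnbounded, kIncomplete, true));
    std::printf("unbounded, no terminator:       overread=%d\n",
                overreads(headersEndUnbounded, kIncomplete, false));
    std::printf("bounded,   no terminator:       overread=%d\n",
                overreads(headersEndBounded, kIncomplete, false));
    return 0;
}
```

With the terminator appended, the unbounded scanner stops at the 0 byte and its defect stays hidden; without it, the same test input makes the over-read visible.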
