[Libevent-users] evbuffer_find fix and a test
Niels Provos
provos at citi.umich.edu
Wed Apr 18 11:48:31 EDT 2007
Hi Ken,
thanks for the bug report. Your regression test was good.
Unfortunately, the fix was buggy :-) Here is what I plan on
submitting as a fix:
Index: buffer.c
===================================================================
--- buffer.c (revision 351)
+++ buffer.c (working copy)
@@ -431,13 +431,12 @@
u_char *
evbuffer_find(struct evbuffer *buffer, const u_char *what, size_t len)
{
- size_t remain = buffer->off;
- u_char *search = buffer->buffer;
+ u_char *search = buffer->buffer, *end = search + buffer->off;
u_char *p;
- while ((p = memchr(search, *what, remain)) != NULL) {
- remain = buffer->off - (size_t)(search - buffer->buffer);
- if (remain < len)
+ while (search < end &&
+ (p = memchr(search, *what, end - search)) != NULL) {
+ if (p + len > end)
break;
if (memcmp(p, what, len) == 0)
return (p);
Thanks,
Niels.
On 4/16/07, Ken Cox <kenstir78 at comcast.net> wrote:
> Greetings,
>
> We found an error where evbuffer_find(buf,"\r\n",2) would find only a bare
> "\r" at the end of the buffer, if there happened to be a leftover "\n" in
> the next byte. I added new tests to regress.c to show the bug and the
> error which is visible on FC6 with valgrind. I'm not certain that the
> enclosed fix is the most concise one possible, but it fixes the bug and
> the valgrind error.
>
> Regards,
> Ken Cox
> k e n s t i r a t v i v o x d o t c o m
> _______________________________________________
> Libevent-users mailing list
> Libevent-users at monkeymail.org
> http://monkey.org/mailman/listinfo/libevent-users
>
>
>
More information about the Libevent-users
mailing list