Re: [xml] A long URL causes SEGV

From: Igor Zlatkovic <igor zlatkovic com>
To: Yuuichi Teranishi <teranisi gohome org>
Cc: xml gnome org
Subject: Re: [xml] A long URL causes SEGV
Date: Sun, 08 Feb 2004 16:06:23 +0100

Yuuichi Teranishi wrote:

Hi,

An URL longer than 4096(?) causes SEGV while using nanohttp in libxml2.
For example, following command dumps core.

% testReader  http://`perl -e 'print "A" x 5000'`

I think there should be a length checking code in somewhere of the
xmlNanoHTTPScanURL.

True enough. Thanks for catching this. The following patch fixes it, Iwill apply it later today.


Ciao,
Igor

Index: nanohttp.c
===================================================================
RCS file: /cvs/gnome/libxml2/nanohttp.c,v
retrieving revision 1.76
diff -c -r1.76 nanohttp.c
*** nanohttp.c  1 Nov 2003 17:04:58 -0000       1.76
--- nanohttp.c  8 Feb 2004 15:03:19 -0000
***************
*** 288,294 ****
      }
      if (URL == NULL) return;
      buf[indx] = 0;
!     while (*cur != 0) {
          if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
            buf[indx] = 0;
            ctxt->protocol = xmlMemStrdup(buf);
--- 288,294 ----
      }
      if (URL == NULL) return;
      buf[indx] = 0;
!     while ((*cur != 0) && (cur - URL < 4096)) {
          if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
            buf[indx] = 0;
            ctxt->protocol = xmlMemStrdup(buf);

Follow-Ups:
- Re: [xml] A long URL causes SEGV
  - From: Yuuichi Teranishi

References:
- [xml] A long URL causes SEGV
  - From: Yuuichi Teranishi

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]