Re: [xml] A long URL causes SEGV



Yuuichi Teranishi wrote:

> Hi,
>
> A URL longer than 4096(?) causes SEGV while using nanohttp in libxml2.
> For example, the following command dumps core.
>
> % testReader  http://`perl -e 'print "A" x 5000'`
>
> I think there should be length-checking code somewhere in
> xmlNanoHTTPScanURL.

True enough. Thanks for catching this. The following patch fixes it; I will apply it later today.

Ciao,
Igor

Index: nanohttp.c
===================================================================
RCS file: /cvs/gnome/libxml2/nanohttp.c,v
retrieving revision 1.76
diff -c -r1.76 nanohttp.c
*** nanohttp.c  1 Nov 2003 17:04:58 -0000       1.76
--- nanohttp.c  8 Feb 2004 15:03:19 -0000
***************
*** 288,294 ****
      }
      if (URL == NULL) return;
      buf[indx] = 0;
!     while (*cur != 0) {
          if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
            buf[indx] = 0;
            ctxt->protocol = xmlMemStrdup(buf);
--- 288,294 ----
      }
      if (URL == NULL) return;
      buf[indx] = 0;
!     while ((*cur != 0) && (cur - URL < 4096)) {
          if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
            buf[indx] = 0;
            ctxt->protocol = xmlMemStrdup(buf);
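
Review bot: the new loop condition `(cur - URL < 4096)` hard-codes the limit and tests the offset into the source string rather than `indx`, the index that is actually used to write into `buf`. Bounding on something like `indx < sizeof(buf) - 1` would tie the check to the buffer's declared size and keep room for the `buf[indx] = 0` terminator that follows. Only the scheme-scanning loop is visible in this hunk; if the function has further loops that write into `buf` after this one, each needs the same bound. When the limit is reached the loop simply stops, so an over-long URL is silently truncated instead of rejected; reporting an error to the caller would make the failure explicit.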



