qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rudynedved <...@git.apache.org>
Subject [GitHub] qpid-proton pull request #:
Date Sat, 11 Nov 2017 14:26:36 GMT
Github user rudynedved commented on the pull request:

    https://github.com/apache/qpid-proton/commit/de3fd617210b5d5a2f2c3e384c33905dbf75ad58#commitcomment-25551886
  
    For clarity, null terminated strings have X non-null characters and 1 null character.
Therefore the memory for a null terminated string is strlen()+1. A 4 character value such
as "abcd" will require memory for "abcd\0" which on most mallocs is 8 bytes.
    
    size = strlen(username+1) makes the username buffer shorter by 1. The subsequent malloc
for a username of "abcd" will be strlen("bcd") or size 3 when what is needed is 4+1 or 5.
    
    The fix is "size = strlen(username) + 1". Coverity is correct.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message