Posted to commits@apr.apache.org by bo...@apache.org on 2009/05/22 00:09:24 UTC

svn commit: r777284 - in /apr/apr-util/branches/1.4.x: CHANGES buckets/apr_brigade.c

Author: bojan
Date: Thu May 21 22:09:24 2009
New Revision: 777284

URL: http://svn.apache.org/viewvc?rev=777284&view=rev
Log:
Backport r768417 from the trunk.
Fix off by one overflow in apr_brigade_vprintf.
For the gory details see
http://mail-archives.apache.org/mod_mbox/apr-dev/200904.mbox/%3c49F21CD2.5020105@collab.net%3e

Submitted by: C. Michael Pilato <cmpilato collab.net>
Reviewed by: rpluem, trawick

Modified:
    apr/apr-util/branches/1.4.x/CHANGES
    apr/apr-util/branches/1.4.x/buckets/apr_brigade.c   (contents, props changed)

Modified: apr/apr-util/branches/1.4.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/CHANGES?rev=777284&r1=777283&r2=777284&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.4.x/CHANGES [utf-8] Thu May 21 22:09:24 2009
@@ -1,6 +1,8 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.4.0
 
+  *) Fix off by one overflow in apr_brigade_vprintf.
+     [C. Michael Pilato <cmpilato collab.net>]
 
   *) APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
      SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
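Review bot: The new CHANGES entry does not say what kind of overflow this is, which is what someone deciding whether to pick up the backport needs to know. Going by the apr_brigade.c change in this same commit, the problem is the store of the terminating '\0' at the current buffer position, so wording such as "Fix off by one write of the null terminator in apr_brigade_vprintf" would be more useful, ideally with a mention of trunk r768417, which the log names as the source.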

Modified: apr/apr-util/branches/1.4.x/buckets/apr_brigade.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/buckets/apr_brigade.c?rev=777284&r1=777283&r2=777284&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/buckets/apr_brigade.c (original)
+++ apr/apr-util/branches/1.4.x/buckets/apr_brigade.c Thu May 21 22:09:24 2009
@@ -689,9 +689,6 @@
       return -1;
     }
 
-    /* tack on null terminator to remaining string */
-    *(vd.vbuff.curpos) = '\0';
-
     /* write out what remains in the buffer */
     return apr_brigade_write(b, flush, ctx, buf, vd.vbuff.curpos - buf);
 }
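Review bot: No test accompanies the removal of the terminator store ahead of the final apr_brigade_write call, so the boundary case named in the log is left unverified on this branch. The removal itself looks right: the write is passed an explicit length, vd.vbuff.curpos - buf, so the byte stored at curpos was never part of the data sent to the brigade, and storing it there lands outside buf once curpos has reached the end of the buffer. Please add a test that formats output of exactly the buffer size and of one byte either side of it.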

Propchange: apr/apr-util/branches/1.4.x/buckets/apr_brigade.c
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Thu May 21 22:09:24 2009
@@ -0,0 +1,2 @@
+/apr/apr/trunk/buckets/apr_brigade.c:768417
+/apr/apr-util/trunk/buckets/apr_brigade.c:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630
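Review bot: The svn:mergeinfo added to this one file records more than the log describes. The log says only r768417 is backported, yet the second line also lists a run of apr-util trunk revisions (731033-731034 through 747630), and the first line points at /apr/apr/trunk/buckets/apr_brigade.c rather than an apr-util path. Please confirm both lines are intended; if they are a side effect of a file-level merge, redoing the merge at the branch root would keep mergeinfo off individual files and limit it to r768417.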