You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Steve Huston (JIRA)" <qp...@incubator.apache.org> on 2009/06/27 00:13:47 UTC
[jira] Created: (QPID-1957) FrameDecoder's append() function
accesses out-of-range if appending 0 bytes
FrameDecoder's append() function accesses out-of-range if appending 0 bytes
---------------------------------------------------------------------------
Key: QPID-1957
URL: https://issues.apache.org/jira/browse/QPID-1957
Project: Qpid
Issue Type: Bug
Components: C++ Broker, C++ Client
Affects Versions: 0.5
Reporter: Steve Huston
Assignee: Steve Huston
Fix For: 0.6
The append() function in qpid/framing/FrameDecoder.cpp tries to take the address of out-of-range bytes if appending 0 bytes. Although no bytes will actually be written, the [] operator throws an out of range exception in Visual Studio, which is correct since the address of an element that doesn't exist is being requested.
This fixes it:
Index: src/qpid/framing/FrameDecoder.cpp
===================================================================
--- src/qpid/framing/FrameDecoder.cpp (revision 788779)
+++ src/qpid/framing/FrameDecoder.cpp (working copy)
@@ -32,7 +32,8 @@
/** Append up to n bytes from start of buf to end of bytes. */
void append(std::vector<char>& bytes, Buffer& buffer, size_t n) {
size_t oldSize = bytes.size();
- n = std::min(n, size_t(buffer.available()));
+ if ((n = std::min(n, size_t(buffer.available()))) == 0)
+ return;
bytes.resize(oldSize+n);
char* p = &bytes[oldSize];
buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Resolved: (QPID-1957) FrameDecoder's append() function
accesses out-of-range if appending 0 bytes
Posted by "Steve Huston (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Huston resolved QPID-1957.
--------------------------------
Resolution: Fixed
Fixed; r788886
> FrameDecoder's append() function accesses out-of-range if appending 0 bytes
> ---------------------------------------------------------------------------
>
> Key: QPID-1957
> URL: https://issues.apache.org/jira/browse/QPID-1957
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker, C++ Client
> Affects Versions: 0.5
> Reporter: Steve Huston
> Assignee: Steve Huston
> Fix For: 0.6
>
>
> The append() function in qpid/framing/FrameDecoder.cpp tries to take the address of out-of-range bytes if appending 0 bytes. Although no bytes will actually be written, the [] operator throws an out of range exception in Visual Studio, which is correct since the address of an element that doesn't exist is being requested.
> This fixes it:
> Index: src/qpid/framing/FrameDecoder.cpp
> ===================================================================
> --- src/qpid/framing/FrameDecoder.cpp (revision 788779)
> +++ src/qpid/framing/FrameDecoder.cpp (working copy)
> @@ -32,7 +32,8 @@
> /** Append up to n bytes from start of buf to end of bytes. */
> void append(std::vector<char>& bytes, Buffer& buffer, size_t n) {
> size_t oldSize = bytes.size();
> - n = std::min(n, size_t(buffer.available()));
> + if ((n = std::min(n, size_t(buffer.available()))) == 0)
> + return;
> bytes.resize(oldSize+n);
> char* p = &bytes[oldSize];
> buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org