You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by tr...@apache.org on 2002/03/12 12:48:32 UTC

cvs commit: httpd-2.0/modules/mappers mod_negotiation.c

trawick     02/03/12 03:48:32

  Modified:    modules/mappers mod_negotiation.c
  Log:
  add a comment to point out a potential segfault
  
  tweak an existing comment to make it a little more clear
  
  Revision  Changes    Path
  1.96      +5 -1      httpd-2.0/modules/mappers/mod_negotiation.c
  
  Index: mod_negotiation.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_negotiation.c,v
  retrieving revision 1.95
  retrieving revision 1.96
  diff -u -r1.95 -r1.96
  --- mod_negotiation.c	13 Feb 2002 02:55:17 -0000	1.95
  +++ mod_negotiation.c	12 Mar 2002 11:48:32 -0000	1.96
  @@ -804,6 +804,10 @@
       if (apr_file_read(map, buffer, len) != APR_SUCCESS) {
           return -1;
       }      
  +    /* XXX next line can go beyond allocated storage and segfault,
  +     *     or worse yet go beyond data read but not beyond allocated
  +     *     storage and think it found the tag
  +     */
       endbody = strstr(buffer, tag);
       if (!endbody) {
           return -1;
  @@ -824,7 +828,7 @@
           return -1;
       }
   
  -    /* Give the caller back the actual body's offset and length */
  +    /* Give the caller back the actual body's file offset and length */
       *len = bodylen;
       return pos - (endbody - buffer);
   }