You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2002/03/12 12:48:32 UTC
cvs commit: httpd-2.0/modules/mappers mod_negotiation.c
trawick 02/03/12 03:48:32
Modified: modules/mappers mod_negotiation.c
Log:
add a comment to point out a potential segfault
tweak an existing comment to make it a little more clear
Revision Changes Path
1.96 +5 -1 httpd-2.0/modules/mappers/mod_negotiation.c
Index: mod_negotiation.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_negotiation.c,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- mod_negotiation.c 13 Feb 2002 02:55:17 -0000 1.95
+++ mod_negotiation.c 12 Mar 2002 11:48:32 -0000 1.96
@@ -804,6 +804,10 @@
if (apr_file_read(map, buffer, len) != APR_SUCCESS) {
return -1;
}
+ /* XXX next line can go beyond allocated storage and segfault,
+ * or worse yet go beyond data read but not beyond allocated
+ * storage and think it found the tag
+ */
endbody = strstr(buffer, tag);
if (!endbody) {
return -1;
@@ -824,7 +828,7 @@
return -1;
}
- /* Give the caller back the actual body's offset and length */
+ /* Give the caller back the actual body's file offset and length */
*len = bodylen;
return pos - (endbody - buffer);
}