[xml] Bug in parser.c


From: Perik, Mike (mikep@crt.com)
Date: Thu May 13 1999 - 16:13:41 EDT


A co-worker of mine found what looks like a bug in parser.c.
The problem is that 100 bytes are added to the buf.st_size and then a read()
is done, but the buf.st_size is used to null terminate the buffer. Say the
stat returns a buf.st_size = 100. Another hundred is added so now
buf.st_size == 200.
The read is done and only 120 bytes are read but the null is put at
buffer[200]. Who knows what's between 120 and 200.

I've attached a diff.

Mike <<parser.diff>>


----
Message from the list xml@rufus.w3.org
Archived at : http://rufus.w3.org/veillard/XML/messages
to unsubscribe: echo "unsubscribe xml" | mail  majordomo@rufus.w3.org
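
The failure described in the message above, reconstructed as an added example; it is not the code from parser.c and not the attached diff. The names `read_doc`, `demo`, `SLACK` and the temporary file name are assumptions, and the `'X'` fill stands in for whatever the heap happened to contain.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SLACK 100 /* the extra 100 bytes the post describes */

/* Read fd into a new buffer sized from an earlier stat() result.
 * fixed == 0: terminate at st_size + SLACK (the pattern the post reports).
 * fixed == 1: terminate at the byte count read() actually returned. */
static char *read_doc(int fd, off_t st_size, int fixed)
{
    size_t cap = (size_t)st_size + SLACK;
    char *buf = malloc(cap + 1);
    if (buf == NULL) return NULL;
    memset(buf, 'X', cap + 1);        /* stand-in for stale heap contents */
    ssize_t n = read(fd, buf, cap);
    if (n < 0) { free(buf); return NULL; }
    buf[fixed ? (size_t)n : cap] = '\0';
    return buf;
}

/* Constructed scenario with the post's numbers: stat() reports 100 bytes,
 * read() delivers 120. Returns the length the parser would see, or -1. */
static long demo(int fixed)
{
    char path[] = "/tmp/parser_demo_XXXXXX";   /* hypothetical temp name */
    char data[120];
    struct stat st;
    long seen = -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    memset(data, 'a', sizeof data);
    if (write(fd, data, 100) == 100 && fstat(fd, &st) == 0 &&
        write(fd, data + 100, 20) == 20 &&     /* file grows after stat() */
        lseek(fd, 0, SEEK_SET) == 0) {
        char *buf = read_doc(fd, st.st_size, fixed);
        if (buf != NULL) { seen = (long)strlen(buf); free(buf); }
    }
    close(fd);
    unlink(path);
    return seen;
}

int main(void)
{
    return (demo(0) == 200 && demo(1) == 120) ? 0 : 1;
}
```

With the terminator at `st_size + SLACK`, the string handed to the parser is 200 bytes long: 120 bytes of file data followed by 80 bytes that were never read from the file. Terminating at the value `read()` returned yields exactly the 120 bytes of input.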



This archive was generated by hypermail 2b29 : Wed Aug 02 2000 - 12:29:26 EDT