FW: [xml] Bug in parser.c

From: Perik, Mike (mikep@crt.com)
Date: Tue Jun 08 1999 - 15:04:26 EDT

• Next message: Daniel Veillard: "Re: [xml] Memory leak in tree.c"
• Previous message: Steve Ratcliffe: "[xml] Memory leak in tree.c"
• Maybe in reply to: Perik, Mike: "[xml] Bug in parser.c"
• Next in thread: Daniel Veillard: "Re: FW: [xml] Bug in parser.c"
• Reply: Daniel Veillard: "Re: FW: [xml] Bug in parser.c"

> -----Original Message-----
> From: Perik, Mike [SMTP:mikep@crt.com]
> Sent: Thursday, May 13, 1999 3:14 PM
> To: 'xml@rufus.w3.org'
> Subject: [xml] Bug in parser.c
>
[Perik, Mike] This was applied to xml-1.0.0. I checked xml-1.1.0 and it
doesn't look like the fix was applied.

>
> A co-worker of mine found what looks like a bug in parser.c.
> The problem is that 100 bytes are added to the buf.st_size and then a
> read()
> is done. but the buf.st_size is used to null terminate the buffer. Say
> the
> stat returns a buf.st_size = 100. Another hundred is added so now
> buf.st_size == 200.
> The read is done and only 120 bytes are read but the null is put at
> buffer[200]. Who knows what's between 120 and 200.
>
>
> I've attached a diff.
>
> Mike <<parser.diff>> <<parser.diff>>

• application/octet-stream attachment: parser.diff

----
Message from the list xml@rufus.w3.org
Archived at : http://rufus.w3.org/veillard/XML/messages
to unsubscribe: echo "unsubscribe xml" | mail  majordomo@rufus.w3.org

• Next message: Daniel Veillard: "Re: [xml] Memory leak in tree.c"
• Previous message: Steve Ratcliffe: "[xml] Memory leak in tree.c"
• Maybe in reply to: Perik, Mike: "[xml] Bug in parser.c"
• Next in thread: Daniel Veillard: "Re: FW: [xml] Bug in parser.c"
• Reply: Daniel Veillard: "Re: FW: [xml] Bug in parser.c"

This archive was generated by hypermail 2b29 : Wed Aug 02 2000 - 12:29:38 EDT