Martin Sebor
Sun, 09 Jul 2006 16:00:59 -0700
Martin Sebor wrote:
> Farid Zaripov wrote:
>> I found that the rw_match function can address to the memory after the end of the string buffer.
>>
>> It calls __rw_get_char to get the last character and this function reads a character after the end of the string buffer:
>>
>> char.cpp line 534: if ('<' == char (ch) && 'U' == src [0] && isxdigit (src [1])) {
>> char.cpp line 548: if ('@' == src [0] && isdigit (src [1])) {
>>
>> src [0] - is the place of the fail.
>
> Hmm, that does look like a subtle bug in rw_match(). Let me look into how best to fix it.

The commit below should fix it. I'm not 100% happy with the code and suspect there might still be some bugs lurking in there but if they are there the current test doesn't reveal them (even under Sun dbx with memory checking on) and none of the string tests is showing any signs of problems either.

http://svn.apache.org/viewvc?rev=420363&view=rev

Martin
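
The over-read reported in this thread (lookahead at `src [0]` and `src [1]` when the current character is the last one in the buffer) goes away when the decoder carries an end pointer and checks the remaining length before every lookahead. The sketch below is an added example, not the stdcxx code or the committed fix; `next_char`, its signature, and the `<Uhhhh>` escape syntax it accepts are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>

// Hypothetical decoder (not the stdcxx __rw_get_char): reads one character
// from the range [src, end). An assumed "<Uhhhh>" escape (1 to 8 hex digits)
// yields the code point; any other byte is returned literally.
// Returns the number of bytes consumed, or 0 when the range is empty.
std::size_t next_char(const char* src, const char* end, unsigned long* out)
{
    if (src >= end)
        return 0;

    const char ch = *src;
    const std::size_t avail = static_cast<std::size_t>(end - src);

    // The lookahead needs '<', 'U' and one hex digit: test the length
    // BEFORE touching src[1] and src[2].
    if ('<' == ch && avail >= 3 && 'U' == src[1]
        && std::isxdigit(static_cast<unsigned char>(src[2]))) {
        unsigned long val = 0;
        const char* p = src + 2;
        // Every step re-checks p against end, and the digit count is capped.
        for (int n = 0; p != end && n < 8
                 && std::isxdigit(static_cast<unsigned char>(*p)); ++p, ++n) {
            const int c = std::tolower(static_cast<unsigned char>(*p));
            val = val * 16 + (std::isdigit(c) ? c - '0' : c - 'a' + 10);
        }
        if (p != end && '>' == *p) {        // accept only a terminated escape
            *out = val;
            return static_cast<std::size_t>(p - src) + 1;
        }
    }

    *out = static_cast<unsigned char>(ch);  // literal, e.g. a trailing '<'
    return 1;
}

int main()
{
    const char buf[] = "ab<U41>";           // constructed sample input
    unsigned long v = 0;
    // Range ends right after '<': the bytes "U41>" must not be examined.
    std::size_t n = next_char(buf + 2, buf + 3, &v);
    std::printf("consumed=%lu value=0x%lx\n", (unsigned long)n, v);
    n = next_char(buf + 2, buf + 7, &v);    // full escape inside the range
    std::printf("consumed=%lu value=0x%lx\n", (unsigned long)n, v);
    return 0;
}
```

Running a test like the one mentioned in the reply under a memory checker exercises the first call in `main`, where the range ends on the `<` itself.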