Jose Luis Zabalza wrote:
Hello list
I am trying to write a SAX parser reading from a Unix socket. I wrote a
derived class from BinInputStream and I rewrote the curPos() and
readBytes() members.
All right, but
    MY_InputStream::readBytes( XMLByte* const toFill
                             , const unsigned int maxToRead)
    {
        int Result;
        int t=recv(fSource, x, maxToRead, 0);
This is most likely a buffer overrun, since x is 1000 bytes, and you've
passed in maxToRead to recv. This should be:
        recv(
            fSource,
            x,
            maxToRead > sizeof(x) ? sizeof(x) : maxToRead,
            0);
        if(t<=0)
            t=0;
        for(Result=0;Result<t;Result++)
            toFill[Result]=x[Result];
This is also a buffer overrun, since t may be greater than 1000.
        return(t);
    }
If x is a local buffer
    MY_InputStream::readBytes( XMLByte* const toFill
                             , const unsigned int maxToRead)
    {
        char x[1000];
or directly toFill
        int t=recv(fSource, toFill, maxToRead, 0);
there are no problems, but if x is a private member of MY_InputStream,
    class MY_InputStream : public BinInputStream
    {
    private :
        char x[1000];
I get a runtime error.
*** glibc detected *** free(): invalid next size (fast): 0x0805b0d0 ***
When the buffer is on the stack, you overwrite the stack. When the buffer
is a data member, you overwrite the block of memory allocated for the
object. You are most likely destroying crucial data the heap allocator needs.
Dave
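
An added example, not part of either message and not Xerces-C code: a bounded readBytes() that applies the clamp suggested above to a 1000-byte member buffer and copies only the bytes recv() actually returned. SocketInputStream, DrainResult, drainDemo and the socketpair feed are constructed for illustration; the class stands in for a BinInputStream subclass so the block builds without Xerces.

```cpp
#include <sys/socket.h>
#include <unistd.h>
#include <algorithm>
#include <cstring>
#include <vector>

typedef unsigned char XMLByte;  // stand-in for the Xerces-C typedef
// Stand-in for the poster's BinInputStream subclass (no Xerces dependency).
class SocketInputStream {
public:
    explicit SocketInputStream(int fd) : fSource(fd), fPos(0) {}
    unsigned int curPos() const { return fPos; }
    unsigned int readBytes(XMLByte* const toFill, const unsigned int maxToRead) {
        // Clamp the request to the staging buffer before calling recv().
        const size_t want = std::min<size_t>(maxToRead, sizeof(fBuf));
        if (want == 0) return 0;
        const ssize_t got = recv(fSource, fBuf, want, 0);
        if (got <= 0) return 0;  // EOF or error: report end of input
        // got <= want <= maxToRead, so the copy fits both buffers.
        std::memcpy(toFill, fBuf, static_cast<size_t>(got));
        fPos += static_cast<unsigned int>(got);
        return static_cast<unsigned int>(got);
    }
private:
    int fSource; unsigned int fPos;
    char fBuf[1000];  // member buffer, same size as in the thread
};

struct DrainResult { unsigned int total, largestChunk, finalPos; };
// Constructed demo: feed `payload` bytes through a socketpair, drain with oversized requests.
DrainResult drainDemo(unsigned int payload, unsigned int request) {
    DrainResult r = {0, 0, 0};
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return r;
    std::vector<char> data(payload, 'x');
    send(sv[0], data.data(), data.size(), 0);
    close(sv[0]);  // writer done: reader sees EOF after the payload
    SocketInputStream in(sv[1]);
    std::vector<XMLByte> out(request);
    for (unsigned int n; (n = in.readBytes(out.data(), request)) > 0; ) {
        r.total += n;
        r.largestChunk = std::max(r.largestChunk, n);
    }
    r.finalPos = in.curPos();
    close(sv[1]);
    return r;
}

int main() { return drainDemo(3500, 4096).total == 3500 ? 0 : 1; }
```

With the clamp in place a caller that asks for 4096 bytes gets at most 1000 per call and simply calls readBytes() again, so nothing is written past the end of the member buffer.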