On 02/16/2018 12:35 PM, Yann Ylavic wrote: > On Fri, Feb 16, 2018 at 10:57 AM, Ruediger Pluem <[email protected]> wrote: >> >> On 02/15/2018 01:57 PM, [email protected] wrote: >>> >>> Modified: httpd/httpd/trunk/server/protocol.c >>> URL: >>> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1824303&r1=1824302&r2=1824303&view=diff >>> ============================================================================== >>> --- httpd/httpd/trunk/server/protocol.c (original) >>> +++ httpd/httpd/trunk/server/protocol.c Thu Feb 15 12:57:14 2018 >> >>> @@ -487,6 +490,11 @@ AP_DECLARE(int) ap_getline(char *s, int >>> apr_size_t len; >>> apr_bucket_brigade *tmp_bb; >>> >>> + if (n < 1) { >>> + /* Can't work since we always NUL terminate */ >>> + return -1; >>> + } >>> + >> >> Shouldn't we check for s != NULL as well? Otherwise the contents is read to >> a buffer allocated by ap_rgetline_core and >> we only return the length. I don 't see how this usage could be useful as >> the content cannot be read again (otherwise >> it would be useful to see how much content is in the pipe) > > While the n < 0 check protects against signed to unsigned underflow > which could crash the process, s == NULL only affects the caller (no > strong opinion actually).
Correct. > Maybe it's used to eat/discard lines somewhere? This was also one of my thoughts. Hence the post here to gather feedback :-) Regards RĂ¼diger
