FrameDecoder's append() function accesses out-of-range if appending 0 bytes
---------------------------------------------------------------------------

                 Key: QPID-1957
                 URL: https://issues.apache.org/jira/browse/QPID-1957
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker, C++ Client
    Affects Versions: 0.5
            Reporter: Steve Huston
            Assignee: Steve Huston
             Fix For: 0.6


The append() function in qpid/framing/FrameDecoder.cpp tries to take the 
address of out-of-range bytes if appending 0 bytes. Although no bytes will 
actually be written, the [] operator throws an out of range exception in Visual 
Studio, which is correct since the address of an element that doesn't exist is 
being requested.

This fixes it:

Index: src/qpid/framing/FrameDecoder.cpp
===================================================================
--- src/qpid/framing/FrameDecoder.cpp   (revision 788779)
+++ src/qpid/framing/FrameDecoder.cpp   (working copy)
@@ -32,7 +32,8 @@
 /** Append up to n bytes from start of buf to end of bytes. */
 void append(std::vector<char>& bytes, Buffer& buffer, size_t n) {
     size_t oldSize = bytes.size();
-    n = std::min(n, size_t(buffer.available()));
+    if ((n = std::min(n, size_t(buffer.available()))) == 0)
+        return;
     bytes.resize(oldSize+n);
     char* p = &bytes[oldSize];
     buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
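Review bot: The added `if` line assigns to n inside its own condition, which makes the clamp easy to misread as a comparison and hides the fact that n is still being reduced to buffer.available(). Keeping the original `n = std::min(n, size_t(buffer.available()));` line and following it with a separate `if (n == 0) return;` gives the same behaviour and a smaller diff. The doc comment above append() could also state that a zero-length append, whether n is 0 or the buffer has nothing available, leaves bytes untouched. The patch as shown touches only FrameDecoder.cpp, so a test that calls the decoder with an empty buffer would help keep the guard in place.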


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]
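
The zero-byte case described in the issue, as an added example that is not Qpid code and not part of the original message. FakeBuffer is a hypothetical stand-in for qpid::framing::Buffer, and the unguarded variant uses std::vector::at() in place of operator[] so the out-of-range access is reported on any standard library rather than only on a checked build.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for qpid::framing::Buffer (assumption, not Qpid code).
struct FakeBuffer {
    std::vector<uint8_t> data;
    size_t pos = 0;
    size_t available() const { return data.size() - pos; }
    void getRawData(uint8_t* out, size_t n) {
        if (n) std::memcpy(out, data.data() + pos, n);
        pos += n;
    }
};

// Pre-fix shape. at() replaces operator[] so the bounds check is portable.
void appendUnguarded(std::vector<char>& bytes, FakeBuffer& buffer, size_t n) {
    size_t oldSize = bytes.size();
    n = std::min(n, buffer.available());
    bytes.resize(oldSize + n);
    char* p = &bytes.at(oldSize);  // n == 0: oldSize == size(), no such element
    buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
}

// Post-fix shape: return before any element address is formed.
void appendGuarded(std::vector<char>& bytes, FakeBuffer& buffer, size_t n) {
    size_t oldSize = bytes.size();
    n = std::min(n, buffer.available());
    if (n == 0) return;
    bytes.resize(oldSize + n);
    char* p = &bytes[oldSize];     // valid: at least one new element exists
    buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
}

// True if the unguarded variant faults when the buffer has nothing available.
bool unguardedThrowsOnZero() {
    std::vector<char> bytes{'a', 'b'};
    FakeBuffer empty;
    try { appendUnguarded(bytes, empty, 8); }
    catch (const std::out_of_range&) { return true; }
    return false;
}

// Size of a 2-byte vector after a guarded append of `want` bytes from a
// constructed buffer holding `have` bytes.
size_t guardedSizeAfter(size_t have, size_t want) {
    std::vector<char> bytes{'a', 'b'};
    FakeBuffer buf;
    buf.data.assign(have, 0x41);
    appendGuarded(bytes, buf, want);
    return bytes.size();
}
```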
