FrameDecoder's append() function accesses out-of-range if appending 0 bytes
---------------------------------------------------------------------------
Key: QPID-1957
URL: https://issues.apache.org/jira/browse/QPID-1957
Project: Qpid
Issue Type: Bug
Components: C++ Broker, C++ Client
Affects Versions: 0.5
Reporter: Steve Huston
Assignee: Steve Huston
Fix For: 0.6
The append() function in qpid/framing/FrameDecoder.cpp tries to take the
address of out-of-range bytes if appending 0 bytes. Although no bytes will
actually be written, the [] operator throws an out of range exception in Visual
Studio, which is correct since the address of an element that doesn't exist is
being requested.
This fixes it:
Index: src/qpid/framing/FrameDecoder.cpp
===================================================================
--- src/qpid/framing/FrameDecoder.cpp (revision 788779)
+++ src/qpid/framing/FrameDecoder.cpp (working copy)
@@ -32,7 +32,8 @@
/** Append up to n bytes from start of buf to end of bytes. */
void append(std::vector<char>& bytes, Buffer& buffer, size_t n) {
size_t oldSize = bytes.size();
- n = std::min(n, size_t(buffer.available()));
+ if ((n = std::min(n, size_t(buffer.available()))) == 0)
+ return;
bytes.resize(oldSize+n);
char* p = &bytes[oldSize];
buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
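Review bot: The added condition, if ((n = std::min(n, size_t(buffer.available()))) == 0), folds the assignment to n into the comparison, which is easy to misread and easy to break in a later edit. Keep the original statement n = std::min(n, size_t(buffer.available())); and follow it with a separate if (n == 0) return; ahead of bytes.resize(oldSize+n). A one-line comment at the early return saying that &bytes[oldSize] names a nonexistent element when nothing is appended would record why the guard exists, and the doc comment above append() could say that zero available bytes is a no-op.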