[
https://issues.apache.org/jira/browse/QPID-1957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Huston resolved QPID-1957.
--------------------------------
Resolution: Fixed
Fixed; r788886
> FrameDecoder's append() function accesses out-of-range if appending 0 bytes
> ---------------------------------------------------------------------------
>
> Key: QPID-1957
> URL: https://issues.apache.org/jira/browse/QPID-1957
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker, C++ Client
> Affects Versions: 0.5
> Reporter: Steve Huston
> Assignee: Steve Huston
> Fix For: 0.6
>
>
> The append() function in qpid/framing/FrameDecoder.cpp tries to take the
> address of out-of-range bytes if appending 0 bytes. Although no bytes will
> actually be written, the [] operator throws an out of range exception in
> Visual Studio, which is correct since the address of an element that doesn't
> exist is being requested.
> This fixes it:
> Index: src/qpid/framing/FrameDecoder.cpp
> ===================================================================
> --- src/qpid/framing/FrameDecoder.cpp (revision 788779)
> +++ src/qpid/framing/FrameDecoder.cpp (working copy)
> @@ -32,7 +32,8 @@
> /** Append up to n bytes from start of buf to end of bytes. */
> void append(std::vector<char>& bytes, Buffer& buffer, size_t n) {
> size_t oldSize = bytes.size();
> - n = std::min(n, size_t(buffer.available()));
> + if ((n = std::min(n, size_t(buffer.available()))) == 0)
> + return;
> bytes.resize(oldSize+n);
> char* p = &bytes[oldSize];
> buffer.getRawData(reinterpret_cast<uint8_t*>(p), n);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
