evbuffer_find() will search past the end of the buffer by up to (len - 1) bytes. The program below demonstrates the bug. The attached patch fixes it and includes a regression test.
#include <assert.h>
#include <sys/types.h>
#include <sys/time.h>
#include <event.h>
int main(int argc, char *argv[])
{
struct evbuffer *buf;
char *p;
buf = evbuffer_new();
assert(buf != NULL);
evbuffer_add(buf, "abc", 3);
evbuffer_drain(buf, 3);
evbuffer_add(buf, "ab", 2);
p = evbuffer_find(buf, "bc", 2);
assert(p == NULL);
return 0;
}
libevent.patch
Description: Binary data
_______________________________________________ Libevent-users mailing list [email protected] http://monkey.org/mailman/listinfo/libevent-users
