The ngx_http_slice_parse_content_range function assumes that the parsed buffer is null terminated. Since the buffer is an ngx_str_t, that assumption is false. If, by chance, the buffer is null terminated it is simply a matter of luck, and not design.
In particular, if the headers_out.content_range ngx_str_t was allocated in the ngx_http_range_filter_module then the buffer was allocated as a non-zero terminated buffer by ngx_pnalloc. The fact that the buffer is not null terminated may lead to ngx_http_slice_parse_content_range returning an NGX_ERROR code after the buffer was successfully parsed, or, if the caller is unfortunate, leading to a random memory access failure. I've written a replacement function that uses the length of the ngx_str_t as a guard condition. This code works and passes all of the unit tests. How should I submit the replacement? Carey Gister 415-310-5304
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel