On Thu, 04 Mar 2010 11:49:48 +0100, Gregor Hoffleit <gregor at hoffleit.de> wrote:
> In format_part_json, part_content->data is not a null terminated
> string.
I'd like to see this bug fixed, and the patch is pretty small, but... > Instead, we have to use part_content->len. > + content_data = talloc_size (ctx, part_content->len+1); > + memcpy (content_data, (char *)part_content->data, part_content->len+1); Can anyone explain why we copy (what seems to me to be) one extra byte here? In principle reading outside our allocated memory could cause problems; at minimum it makes a false positive for a memory checker like valgrind. David
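Review bot: the memcpy in the quoted hunk copies part_content->len+1 bytes out of part_content->data, which the commit message says is not null terminated and is only described by part_content->len, so the final byte read lies past the end of the source data. Copy exactly part_content->len bytes and write the terminator into the new buffer yourself, for example `content_data[part_content->len] = '\0';` after the memcpy; the talloc_size of part_content->len+1 is already the right size for that.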