On Thu, 04 Mar 2010 11:49:48 +0100, Gregor Hoffleit <gregor at hoffleit.de> 
wrote:
> In format_part_json, part_content->data is not a null terminated
> string.

I'd like to see this bug fixed, and the patch is pretty small, but...

> Instead, we have to use part_content->len.
> +     content_data = talloc_size (ctx, part_content->len+1);
> +     memcpy (content_data, (char *)part_content->data, part_content->len+1);

Can anyone explain why we copy (what seems to me to be) one extra byte
here?  In principle reading outside our allocated memory could cause
problems; at minimum it makes a false positive for a memory checker like
valgrind.

David

Reply via email to