On Mon, Jun 27, 2011 at 12:43 PM, Stefan Hajnoczi <stefa...@gmail.com> wrote: > On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famc...@gmail.com> wrote: >> + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 || >> + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 || >> + strncmp("version=2\n", p, strlen("version=2\n")) == 0 || >> + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) { >> + return 100; >> + } > > If p == end - 1 then this will run off the end of the buffer. You need to > use: > > strncmp("version=1\n", p, end - p); >
Won't work if (p == end - 1 and *p == 'v'). How about checking if end - p is big enough first?

-- 
Best regards!
Fam Zheng
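
Review bot: The four strncmp() calls in the if condition take their length from strlen() of the literal, and nothing in the hunk compares that length against end, so when fewer bytes than the literal remain at p the comparison can read past the buffer. Capping the length at end - p is not sufficient on its own: a short remainder that matches only the start of the literal (a lone 'v' at p == end - 1, for instance) would then compare equal and the function would return 100. Check that end - p is at least the literal's length before each comparison, and consider a small helper that does the length check and the compare together so the four version strings do not each repeat it.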