On Mon, Jun 27, 2011 at 6:11 AM, Fam Zheng <famc...@gmail.com> wrote:
> On Mon, Jun 27, 2011 at 12:43 PM, Stefan Hajnoczi <stefa...@gmail.com> wrote:
>> On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famc...@gmail.com> wrote:
>>> + if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 ||
>>> + strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0
>>> ||
>>> + strncmp("version=2\n", p, strlen("version=2\n")) == 0 ||
>>> + strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0)
>>> {
>>> + return 100;
>>> + }
>>
>> If p == end - 1 then this will run off the end of the buffer. You need to
>> use:
>>
>> strncmp("version=1\n", p, end - p);
>>
>
> Won't work if (p == end -1 and *p == 'v'), how about check if end - p
> is big enough first?

Yes, good point. Only compare if there is enough space for the matching string:

    remaining = end - p;
    if (remaining < strlen("version=X\n")) {
        continue;
    }
    /* Compare exactly the literal's length; a larger count would also
     * compare the literal's terminating NUL against the next byte of p. */
    if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 ||
        strncmp("version=2\n", p, strlen("version=2\n")) == 0) {
        return 100;
    }
    if (remaining < strlen("version=X\r\n")) {
        continue;
    }
    if (strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 ||
        strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) {
        return 100;
    }

Stefan
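
Review bot: In the quoted hunk, each of the four strncmp() calls passes strlen() of its literal as the count without first checking that end - p is at least that long, so near the end of the buffer the comparison can read past end. Guard the "\n" pair with end - p >= strlen("version=X\n") and the "\r\n" pair with end - p >= strlen("version=X\r\n"), and keep the literal's length as the count. The four near-identical comparisons would also be easier to audit through one small helper that takes p, end and the literal.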
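
The bounds check discussed in this thread, written out as an added example (not code from the patch or from either poster). The names `starts_with`, `probe_version` and `match_with_remaining`, the scan over every offset and the sample descriptor text are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* 1 if the bytes in [p, end) begin with lit; never reads at or past end. */
static int starts_with(const char *p, const char *end, const char *lit)
{
    size_t len = strlen(lit);

    if ((size_t)(end - p) < len) {
        return 0;               /* too few bytes left for this literal */
    }
    return memcmp(p, lit, len) == 0;
}

/* Hypothetical probe: 100 if a version=1 or version=2 line appears in
 * buf[0..len), 0 otherwise. buf need not be NUL-terminated. */
int probe_version(const char *buf, size_t len)
{
    static const char *const lits[] = {
        "version=1\n", "version=1\r\n", "version=2\n", "version=2\r\n",
    };
    const char *end = buf + len;

    for (const char *p = buf; p < end; p++) {
        for (size_t i = 0; i < sizeof(lits) / sizeof(lits[0]); i++) {
            if (starts_with(p, end, lits[i])) {
                return 100;
            }
        }
    }
    return 0;
}

/* Pitfall when the count is the bytes remaining: with fewer bytes than lit,
 * a bare prefix such as "v" compares equal; with more bytes, strncmp also
 * compares lit's terminating NUL with p[strlen(lit)] and reports a mismatch. */
int match_with_remaining(const char *p, const char *end, const char *lit)
{
    return strncmp(lit, p, (size_t)(end - p)) == 0;
}

int main(void)
{
    /* Constructed sample input, not taken from a real image. */
    static const char desc[] = "# Disk DescriptorFile\nversion=1\nCID=0\n";
    return probe_version(desc, sizeof(desc) - 1) == 100 ? 0 : 1;
}
```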