On 21/12/2012 6:08 a.m., Alex Rousskov wrote:
On 12/19/2012 02:33 PM, Kinkie wrote:
there seems to be a buffer overrun in the Scoutcast related test in
testHttpReply.
Indeed.
The attached patch may address it - it's unclear to me whether the
cstring-termination \0 should be appended to the MemBuf - I assume so as
the test is not crashing, but you never know.
If the test is for parsing the header, then it does not matter whether 0
terminator is appended or not (it is not a part of the header). However,
it is best not to append it IMO: If there is a bug in headersEnd or
elsewhere, it would be slightly more likely to be exposed if the
terminator is not there.
Unless the trailing garbage to the input is intentional, if so I'll mark
the bug as intentional in coverity.
If the intent is to append garbage, the test code should be rewritten. I
do not think it is though.
It was a copy-n-paste error that one. The tests for garbage have
explicitly chosen invalid octets appended to test the various edge cases.
Amos
