-
Notifications
You must be signed in to change notification settings - Fork 695
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for out of bound read in std::strtol while parsing HTTP requests #1208
base: master
Are you sure you want to change the base?
Conversation
@Tachi107, I can't tell, but are these CI failures innocuous? |
std::string_view view(beg_trim, codeToken.size()); | ||
const char* end = view.data() + view.size(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is a string_view being used here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Citing cppreference:
constexpr basic_string_view( const CharT* s, size_type count );
After construction, data() is equal to s, and size() is equal to count.
So isn't your code exactly the same as:
std::string_view view(beg_trim, codeToken.size()); | |
const char* end = view.data() + view.size(); | |
const char* end = beg_trim + codeToken.size(); |
std::string_view view = beg_trim; | ||
const char* end = view.data() + view.size(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm generally a fan of string_view, but here I personally find it unnecessary. I'd suggest using strlen()
explicitly, like:
std::string_view view = beg_trim; | |
const char* end = view.data() + view.size(); | |
const char* end = beg_trim + std::strlen(beg_trim); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This patch is supposed to be fixing an out of bounds read due to using std::strtol
on a non-\0
-terminated string, but unless I'm reading this wrong the bug is still present; instead of over-reading with strtol
, you're over-reading with std::from_chars
, since the end
pointer is derived by beg_trim + strlen(beg_trim)
, which will point to beyond the end of the string when it isn't null-terminated since strlen
looks for the string terminator to determined the size.
If you have a char pointer and the pointed data isn't null-terminated and you don't even have a length/size variable, then you really have no way of determining its length.
Il giorno ven 26 apr 2024 alle 10:52:45 -07:00:00, Kip
***@***.***> ha scritto:
@Tachi107, I can't tell, but are these CI failures innocuous?
It seems an error in the runners themselves, so not related to this
patch in particular. I've just rescheduled them, and they should
hopefully pass.
…--
OpenPGP key: 66DE F152 8299 0C21 99EF A801 A8A1 28A8 AB1C EE49
|
Fixes: #1193
This is an attempt to better a previous PR #1201.
@kiplingw This PR is ready for review. Thanks!