[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-dev
Subject: Re: svn commit: r490156 -
From: Nick Kew <nick () webthing ! com>
Date: 2007-01-23 23:48:01
Message-ID: 20070123234801.14d4ca3c () grimnir
[Download RAW message or body]
On Tue, 23 Jan 2007 22:06:46 +0100
Ruediger Pluem <rpluem@apache.org> wrote:
> > - /* Pass through %% as % */
> > - if (*s == '%') {
> > + /* Pass through %% or % at end of string as % */
> > + if ((*s == '%') || (*s == '\0')) {
> > tag->func = constant_item;
> > tag->arg = "%";
> > *sa = ++s;
>
> Doesn't this create an off-by-one error?
>
> Lets s look like the following: s = "%\0t"
%\0 ?? Oook!
> This would result in pointing *sa to t.
>
> But in line 360 we have the following loop:
>
> while (*s) {
> if ((res = parse_format_tag(p, (format_tag *)
> apr_array_push(hdr->ta), &s))) { return res;
> }
> }
>
> It would then start to process the memory region starting with t with
> parse_format_tag.
Heh!
> I think the following should fix this:
Yep, looks right, thanks.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic