On Jun 7, 2011, at 4:03 AM, Nick Mathewson wrote:
> On Mon, Jun 6, 2011 at 8:37 PM, Nir Soffer <nirsof@xxxxxxxxx> wrote:
> Here's another patch that might make stuff work. Before I'd apply it,
> I'd like to have a look through everything that's using
> evbuffer_ptr_set() and evbuffer_ptr right now to make sure that
> nothing will freak out if it gets a pointer like this.
> What do you think?
Here is a new test case that fails with this patch:
    /* Search the next 18 bytes for "attack" */
    tt_int_op(evbuffer_ptr_set(buf, &end, 18, EVBUFFER_PTR_SET), ==, 0);
    pos = evbuffer_search_range(buf, "attack", 6, NULL, &end);
    tt_int_op(pos.pos, ==, 11);
The use case is simple - I want to limit the search to some range, which happens to be longer than the buffer. To make this work with this patch, I have to do something like this:
    size_t length = evbuffer_get_length(buf);
    if (limit > length)
        limit = length;
    evbuffer_ptr_set(buf, &end, limit, EVBUFFER_PTR_SET);
    pos = evbuffer_search_range(buf, "needle", 6, NULL, &end);
But what I would like to do is this:
    evbuffer_ptr_set(buf, &end, limit, EVBUFFER_PTR_SET);
    pos = evbuffer_search_range(buf, "needle", 6, NULL, &end);
So evbuffer_ptr_set should succeed even if the position is after the end of the buffer.
The attached patch makes it work, by accepting any position, even if it is out of the buffer range.
I did not inspect the code handling these ranges yet - it is possible that such ranges will lead to accessing memory you should not access, if the code was depending on ranges to be always within the buffer.
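
Added example, not part of the message above and not libevent code: a small model of a chained buffer in which a position past the end is accepted but the range search clamps it before reading any byte, which is the property the last paragraph asks about. All type and function names (seg, cbuf, cptr, cptr_set, cbuf_search_range, sample_search) and the sample data are constructed for illustration.

```c
#include <stddef.h>

/* Constructed model of a chained byte buffer; not libevent's own types. */
struct seg  { const char *data; size_t len; struct seg *next; };
struct cbuf { struct seg *first; size_t total; };
struct cptr { size_t pos; struct seg *seg; size_t off; };

/* Accept any position; past the end seg is NULL, so it cannot be dereferenced. */
static void cptr_set(const struct cbuf *b, struct cptr *p, size_t pos)
{
    struct seg *s = b->first;
    p->pos = pos;
    while (s && pos >= s->len) { pos -= s->len; s = s->next; }
    p->seg = s; p->off = s ? pos : 0;
}

/* Compare n needle bytes starting at p, crossing segment boundaries. */
static int match_at(struct cptr p, const char *needle, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        while (p.seg && p.off == p.seg->len) { p.seg = p.seg->next; p.off = 0; }
        if (!p.seg || p.seg->data[p.off++] != needle[i]) return 0;
    }
    return 1;
}

/* Search [0, end) for needle; the limit is clamped to the buffer length first. */
long cbuf_search_range(const struct cbuf *b, const char *needle, size_t n,
                       const struct cptr *end)
{
    size_t limit = (end && end->pos < b->total) ? end->pos : b->total;
    struct cptr p;
    if (n == 0 || n > limit) return -1;
    for (size_t i = 0; i + n <= limit; i++) {
        cptr_set(b, &p, i);
        if (match_at(p, needle, n)) return (long)i;
    }
    return -1;
}

/* Constructed 17-byte sample, split over three segments, "attack" at offset 11. */
long sample_search(size_t limit)
{
    struct seg c = { "ack", 3, NULL }, b = { "89Xatt", 6, &c }, a = { "01234567", 8, &b };
    struct cbuf buf = { &a, 17 };
    struct cptr end;
    cptr_set(&buf, &end, limit);
    return cbuf_search_range(&buf, "attack", 6, &end);
}

int main(void) { return sample_search(18) == 11 ? 0 : 1; }
```

With a limit of 18 on the 17-byte sample the search still finds the match at offset 11; with a limit of 16 the match would cross the bound and the search returns -1.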