Changes between Version 1 and Version 4 of Ticket #2063


Ignore:
Timestamp:
Nov 14, 2017 3:25:38 PM (7 years ago)
Author:
ming
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2063

    • Property Status changed from new to closed
    • Property Resolution changed from to fixed
  • Ticket #2063 – Description

    v1 v4  
    33Also in the ticket: 
    44- Modify the spec of pjlib-util's scanner. Originally, the spec said that the scanner will add the NULL terminator right AFTER the end of the buffer, however it turns out that the current implementation didn't do that, probably for a good reason, i.e. to avoid buffer overwrite. So, we change the spec instead, to require that the input buffer passed to the scanner needs to be NULL terminated by app. 
    5 - Add assertion in pjlib-util's scanner to ensure that the buffer is NULL terminated.[[br]] 
    6  If when using tools such as Valgrind or !AddressSanitizer, you get a buffer read overflow warning in this assertion line, it means that you incorrectly passed the buffer length (it should be buffer length - 1). 
    75- Add robustness check in sip_multipart to prevent buffer overflow