Changeset 5693 for pjproject/trunk/pjlib-util/include/pjlib-util/scanner.h

Timestamp:

Nov 14, 2017 8:20:15 AM (6 years ago)

Author:

ming

Message:

Fixed #2063: Add more documentation in PJSIP's parser to prevent stack buffer overflow

File:

• pjproject/trunk/pjlib-util/include/pjlib-util/scanner.h (modified) (1 diff)

pjproject/trunk/pjlib-util/include/pjlib-util/scanner.h

@@ -217 +217 @@
 
 /**
- * Initialize the scanner. Note that the input string buffer must have
- * length at least buflen+1 because the scanner will NULL terminate the
- * string during initialization.
+ * Initialize the scanner.
+ * Note that the input string buffer MUST be NULL terminated and have
+ * length at least buflen+1 (buflen MUST NOT include the NULL terminator).
  *
  * @param scanner   The scanner to be initialized.
- * @param bufstart  The input buffer to scan. Note that buffer[buflen] will be 
- *                  filled with NULL char until scanner is destroyed, so
- *                  the actual buffer length must be at least buflen+1.
+ * @param bufstart  The input buffer to scan, which must be NULL terminated.
  * @param buflen    The length of the input buffer, which normally is
- *                  strlen(bufstart).
+ *                  strlen(bufstart), hence not counting the NULL terminator.
  * @param options   Zero, or combination of PJ_SCAN_AUTOSKIP_WS or
  *                  PJ_SCAN_AUTOSKIP_WS_HEADER