Closed GoogleCodeExporter closed 9 years ago
Well... this bug is nasty.
It wasn't checking that the data was nonzero in size. Internally it uses
strtoull, which ignores initial characters matched as spaces, then attempts to
parse the rest of the number.
An empty item has "\r\n" in the data section (min size 2), so if there's
parseable memory beyond the end of the data section in that chunk, possibly
from data previously occupying that space, it'll successfully delta it.
It won't corrupt memory, since it later tests for space to write the new value
into (it->nbytes), and will then allocate a new item for the storage.
So... a small win there at least.
Pushed a fix to 'next' branch.
Original comment by dorma...@rydia.net on 1 Jan 2015 at 6:42
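The failure mode described in the comment above, as an added example that is not code from memcached or from the commenter: a constructed item chunk whose data section is just "\r\n" (nbytes == 2) but whose slab memory still holds stale digits right after it. strtoull treats '\r' and '\n' as leading whitespace, so handing it the raw data pointer parses the stale bytes. The hardened parse_counter below (a hypothetical name; the length check on nbytes, the bounded copy and the endptr/ERANGE checks are this example's own choices, not the fix pushed to 'next') requires at least one digit before the terminator and never lets strtoull see memory beyond the data section.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed chunk: an empty item's data section is exactly "\r\n"
 * (nbytes == 2); the bytes after it ("123") stand in for data that
 * previously occupied that slab space. */
static const char stale_chunk[] = "\r\n123";
#define EMPTY_ITEM_NBYTES 2

/* Buggy pattern: the data pointer goes straight to strtoull, which skips
 * leading isspace() bytes ('\r' and '\n' included) and keeps reading past
 * the 2-byte data section into whatever follows. */
unsigned long long parse_unchecked(const char *data)
{
    return strtoull(data, NULL, 10);
}

/* Hardened pattern (example only): bound the parse by nbytes, require a
 * digit before the trailing "\r\n", reject leading whitespace, signs and
 * trailing junk, and fail on overflow. */
bool parse_counter(const char *data, size_t nbytes, uint64_t *out)
{
    char buf[32];
    /* nbytes includes the "\r\n" terminator, so an empty item has nbytes == 2. */
    if (nbytes <= 2 || nbytes - 2 >= sizeof(buf))
        return false;
    size_t len = nbytes - 2;
    if (data[len] != '\r' || data[len + 1] != '\n')
        return false;
    /* strtoull would accept " 42" or "-1"; a counter must start with a digit. */
    if (!isdigit((unsigned char)data[0]))
        return false;
    memcpy(buf, data, len);
    buf[len] = '\0';   /* NUL-terminated copy: strtoull cannot read past it */
    char *end;
    errno = 0;
    unsigned long long v = strtoull(buf, &end, 10);
    if (errno == ERANGE || end != buf + len)
        return false;   /* overflow, or not every byte before "\r\n" was a digit */
    *out = v;
    return true;
}

/* Both paths on the constructed chunk. */
unsigned long long demo_unchecked(void)
{
    return parse_unchecked(stale_chunk);
}

bool demo_checked_empty(uint64_t *out)
{
    return parse_counter(stale_chunk, EMPTY_ITEM_NBYTES, out);
}

int main(void)
{
    uint64_t v = 0;
    printf("unchecked parse of empty item: %llu\n", demo_unchecked());
    printf("checked parse of empty item accepted: %s\n",
           demo_checked_empty(&v) ? "yes" : "no");
    return 0;
}
```

The unchecked path "succeeds" with 123, a value that was never stored in the item; the checked path refuses the empty item and only ever inspects the nbytes the item actually owns.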
Original issue reported on code.google.com by tgrab...@cloudius-systems.com on 17 Oct 2014 at 3:20