GNOME Bugzilla – Bug 605104
Off by one bug in unique_message_data_get_filename()
Last modified: 2010-05-08 11:20:07 UTC
Created attachment 150146
Suggested change to fix bug

Hi,

Please see attached patch.

Cheers,
Rodney
why do you feel there's an off-by-one bug? set_filename() internally calls:

    set_data(filename, strlen(filename))

and set_data() does:

    message->data = g_new (unsigned char*, length + 1)
    message->length = length;
    memcpy (message->data, data, length);
    message->data[length] = 0;

which ends up terminating the string buffer.

can you please attach a minimal test case for set_filename() that fails for you? and could you please write a more descriptive bug report next time?

thanks for your time.
Hi,

Yes, message->data is correctly terminated. unique_message_data_get_filename() uses g_memdup() to copy it, but doesn't include the NULL. So that's what my patch fixes.

Please let me know if you still want the test case.

Cheers,
Rodney
Created attachment 150722
Test case

OK here is a test case.
Hi Emmanuele,

Did you get time to try the test case?

Cheers,
Rodney
Pushed to master, will backport to the stable branch as well. Sorry for the delay in applying the patch.
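
The mismatch discussed in this thread (the setter terminates a buffer of length + 1 bytes, the getter duplicates only length bytes) can be reproduced with the added example below. It is not part of the original thread, not the attached patch or test case, and not libunique code: `struct message`, `dup_bytes()` (a plain-C stand-in for g_memdup()) and the two getter variants are hypothetical names, and the file name is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the message object discussed in the thread. */
struct message { unsigned char *data; size_t length; };

/* Stand-in for g_memdup(): copies exactly n bytes, nothing more. */
static void *dup_bytes(const void *src, size_t n) {
    void *p = malloc(n ? n : 1);
    if (p != NULL) memcpy(p, src, n);
    return p;
}

/* As described in the thread: allocate length + 1 bytes and terminate. */
static int set_filename(struct message *m, const char *filename) {
    size_t length = strlen(filename);
    m->data = malloc(length + 1);
    if (m->data == NULL) return -1;
    memcpy(m->data, filename, length);
    m->data[length] = 0;
    m->length = length;
    return 0;
}

/* Reported behaviour: only `length` bytes are copied, so the 0 byte is lost. */
static char *get_filename_short(const struct message *m) {
    return dup_bytes(m->data, m->length);
}

/* Assumed shape of a fix: copy length + 1 bytes so the terminator comes along. */
static char *get_filename_full(const struct message *m) {
    return dup_bytes(m->data, m->length + 1);
}

/* Bounded check: 1 if a 0 byte exists within the first n bytes of buf. */
static int terminated_within(const char *buf, size_t n) {
    return memchr(buf, 0, n) != NULL;
}

int main(void) {
    struct message m;
    if (set_filename(&m, "/tmp/constructed.txt") != 0) return 1;
    char *bad = get_filename_short(&m), *good = get_filename_full(&m);
    if (!bad || !good) return 1;
    printf("short copy terminated: %d\n", terminated_within(bad, m.length));
    printf("full copy terminated:  %d\n", terminated_within(good, m.length + 1));
    free(bad); free(good); free(m.data);
    return 0;
}
```

The check uses a bounded memchr() rather than strlen() on the short copy, because any string function applied to that copy would read past the end of its allocation.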