Axis2-C / AXIS2C-1600

buffer overrun by patching NUL behind stream buffer


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.7.0
    • Component/s: core/transport, util, xml/om
    • Labels: None

    Description

      In functions axiom_data_source_serialize() and axis2_simple_http_svr_conn_write_respond() the buffer obtained via axutil_stream_get_buffer() and axutil_stream_get_len() is terminated with a NUL byte by patching behind the filled data. If the buffer is exactly full at that time, that NUL is patched into not allocated memory, which may corrupt the malloc memory arena (corrupt the heap).

      We have patched "stream.c" to always allocate one more byte than is necessary or used, so that always at least one more byte of memory is allocated. That made our crashes go away.

      A more clean solution would be to have stream.c offer a function that guarantees that additional byte (eventually reallocating), which would be called prior to axutil_stream_get_buffer(), whenever such a NUL byte patching is required.
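      Added illustration of the two points above (the exactly-full case and the proposed "guarantee one spare byte" fix). This is not Axis2-C code and not the reporter's stream.c patch: the stream type and the functions sbuf_t, sbuf_init, sbuf_write, sbuf_nul_patch_would_overrun, sbuf_reserve_nul and sbuf_cstr are hypothetical stand-ins for axutil_stream_t, axutil_stream_get_buffer() and axutil_stream_get_len(). The sample payload is constructed. The block never performs the out-of-bounds write itself; it only reports when the unconditional NUL patch would land past the allocation, then shows the in-bounds termination after reserving the extra byte.

```c
/*
 * Hypothetical stand-in for the axutil stream buffer described in AXIS2C-1600.
 * Not Axis2-C code; names and layout are assumptions for illustration only.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *buf;   /* heap buffer holding the streamed bytes */
    size_t len;  /* bytes actually written (what get_len() would report) */
    size_t cap;  /* bytes allocated */
} sbuf_t;

/* Create a stream with an explicit initial capacity. Callers can pick a
 * capacity equal to the data size, which is the "exactly full" case. */
static int sbuf_init(sbuf_t *s, size_t cap)
{
    s->buf = malloc(cap);
    if (!s->buf) return -1;
    s->len = 0;
    s->cap = cap;
    return 0;
}

/* Append n bytes, growing only when the data does not fit. As in the
 * original stream.c, a write may leave len == cap with no spare byte. */
static int sbuf_write(sbuf_t *s, const void *data, size_t n)
{
    if (s->len + n > s->cap) {
        size_t ncap = s->cap ? s->cap : 1;
        while (ncap < s->len + n) ncap *= 2;
        char *nb = realloc(s->buf, ncap);
        if (!nb) return -1;
        s->buf = nb;
        s->cap = ncap;
    }
    memcpy(s->buf + s->len, data, n);
    s->len += n;
    return 0;
}

/* The bug: the callers did  buf[len] = '\0'  unconditionally after
 * get_buffer()/get_len(). When len == cap that byte is written one past the
 * allocation (heap metadata corruption). This check reports the condition
 * without performing the write. */
static int sbuf_nul_patch_would_overrun(const sbuf_t *s)
{
    return s->len >= s->cap;
}

/* The cleaner fix proposed in the issue: guarantee one spare byte behind the
 * data, reallocating if needed, so a terminating NUL stays in bounds. */
static int sbuf_reserve_nul(sbuf_t *s)
{
    if (s->len < s->cap) return 0;          /* already room for the NUL */
    char *nb = realloc(s->buf, s->cap + 1);
    if (!nb) return -1;
    s->buf = nb;
    s->cap += 1;
    return 0;
}

/* Safe way to obtain a NUL-terminated view of the stream contents:
 * reserve first, then patch the NUL. */
static const char *sbuf_cstr(sbuf_t *s)
{
    if (sbuf_reserve_nul(s) != 0) return NULL;
    s->buf[s->len] = '\0';                  /* now guaranteed in bounds */
    return s->buf;
}

static void sbuf_free(sbuf_t *s)
{
    free(s->buf);
    s->buf = NULL;
    s->len = s->cap = 0;
}

int main(void)
{
    sbuf_t s;
    const char payload[] = "<soapenv:Envelope/>";   /* constructed sample */
    size_t n = sizeof payload - 1;

    if (sbuf_init(&s, n) != 0) return 1;         /* capacity == data size */
    if (sbuf_write(&s, payload, n) != 0) return 1;
    printf("before: len=%zu cap=%zu nul-patch-would-overrun=%d\n",
           s.len, s.cap, sbuf_nul_patch_would_overrun(&s));
    const char *str = sbuf_cstr(&s);
    printf("after : len=%zu cap=%zu str=\"%s\"\n", s.len, s.cap, str ? str : "");
    sbuf_free(&s);
    return 0;
}
```

      The reporter's workaround (always allocating one byte more than needed in stream.c) makes sbuf_nul_patch_would_overrun() never true by construction; the reserve-before-patch function above fixes the same problem at the point where the NUL is actually written, so a future allocator change cannot reintroduce the overrun.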

    People

    • Assignee: Unassigned
    • Reporter: Heiner Marxen (marxen)
    • Votes: 0
    • Watchers: 2


    Time Tracking

    • Original Estimate: 1h
    • Remaining Estimate: 1h
    • Time Spent: Not Specified