search for: message_header_fields

On 01/02/2008, Conrad Parker <conrad@metadecks.org> wrote: > On 31/01/2008, ogg.k.ogg.k@googlemail.com <ogg.k.ogg.k@googlemail.com> wrote: > > This fixes an off by one bug in the user of snprintf, and returns > > negative if writing the > > header returns negative (otherwise we'd just get a short write, losing > > the error). > > This patch

On 06/02/2008, ogg.k.ogg.k@googlemail.com <ogg.k.ogg.k@googlemail.com> wrote: > I've had a second look, and I believe there really was a bug there, > though my patch may not be optimal. > > As an example of an off by one bug: > > On the first run through the code, message_header_fields will be NULL, > so _ogg_calloc will be called. Assume header_key and header_value > are both "X", so strlen of each is 1. message_size will then by 6, and a > block of 6 bytes is callocated. > Then snprintf is called with a byte limit of message_size+1 (7, one more > than t...

...9;oggz' wrapper tool with bash completion. Details ======= Security -------- * Handle allocation failure due to out of memory throughout, for Mozilla bug 468280. Adds new error return OGGZ_ERR_OUT_OF_MEMORY * skeleton.c::ogg_from_fisbone(): avoid memcpy of NULL fp->message_header_fields. Fixes ticket:408, reported by j^ * Mozilla bug 463756: return an error when a hole (ie. missing sequence number) is detected in the headers of a track * Remove dead code from oggz_read.c for ticket:439, reported by Coverity * Check for NULL return value of val in cgi.c (ticket:4...