From 28799f26c9be58d43356fc169c26c3bfe81c33f0 Mon Sep 17 00:00:00 2001 From: Marcelo Roberto Jimenez Date: Sat, 28 Apr 2007 18:42:14 +0000 Subject: [PATCH] [pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY Submitted By: Glen Masgai after an UpnpSendActionAsync() for example, i get UPNP_E_OUTOF_MEMORY in the callback using 1.4.4 on a x86_64 system. This happens in http_MakeMessage(), which in some cases get called with wrong types (int instead of size_t) in combination with format "b" and "Q". The attached patch should fix this. git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@166 119443c7-1b9e-41f8-b6fc-b9c35fce742c --- ChangeLog | 11 ++++- THANKS | 2 + upnp/src/genlib/net/http/httpreadwrite.c | 60 +++++++++++++----------- upnp/src/soap/soap_ctrlpt.c | 24 +++++----- 4 files changed, 56 insertions(+), 41 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8069fc4..475a412 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,12 +11,21 @@ Version 1.4.5 * Fix for a bug in makeAction where va_arg was beeing called one extra time. -2007-04-19 Marcelo Jimenez +2007-04-28 Marcelo Jimenez * SF Tracker [ 1703533 ] Patch to make it compile under FreeBSD Submitted By: Timothy Redaelli - drittz I made some patches to make it compile under FreeBSD using gethostbyaddr_r when supported. +2007-04-28 Marcelo Jimenez + * [pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY + Submitted By: Glen Masgai + after an UpnpSendActionAsync() for example, i get UPNP_E_OUTOF_MEMORY + in the callback using 1.4.4 on a x86_64 system. This happens in + http_MakeMessage(), which in some cases get called with wrong types + (int instead of size_t) in combination with format "b" and "Q". + The attached patch should fix this. + ************************************************************************* Version 1.4.4 ************************************************************************* diff --git a/THANKS b/THANKS index 1624852..9b1d835 100644 --- a/THANKS +++ b/THANKS 
@@ -15,6 +15,7 @@ exempt of errors. - Eric Tanguy - Erwan Velu - Fredrik Svensson +- Glen Masgai - Jiri Zouhar - John Dennis - Jonathan (no_dice) @@ -28,4 +29,5 @@ exempt of errors. - Michael (Oxy) - Paul Vixie - Siva Chandran +- Timothy Redaelli diff --git a/upnp/src/genlib/net/http/httpreadwrite.c b/upnp/src/genlib/net/http/httpreadwrite.c index 5f5796f..421e5f3 100644 --- a/upnp/src/genlib/net/http/httpreadwrite.c +++ b/upnp/src/genlib/net/http/httpreadwrite.c @@ -606,8 +606,8 @@ http_Download( IN const char *url_str, *hoststr, *temp; http_parser_t response; - size_t msg_length, - hostlen; + size_t msg_length; + size_t hostlen; memptr ctype; size_t copy_len; membuffer request; @@ -648,9 +648,10 @@ http_Download( IN const char *url_str, ret_code = http_MakeMessage( &request, 1, 1, - "QsbcDCUc", + "Q" "s" "bcDCUc", HTTPMETHOD_GET, url.pathquery.buff, url.pathquery.size, - "HOST: ", hoststr, hostlen ); + "HOST: ", + hoststr, hostlen ); if( ret_code != 0 ) { DBGONLY( UpnpPrintf ( UPNP_INFO, HTTP, __FILE__, __LINE__, @@ -766,7 +767,7 @@ MakePostMessage( const char *url_str, { int ret_code = 0; char *urlPath = alloca( strlen( url_str ) + 1 ); - int hostlen = 0; + size_t hostlen = 0; char *hoststr, *temp; @@ -799,7 +800,7 @@ MakePostMessage( const char *url_str, hostlen = strlen( hoststr ); *temp = '/'; DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, - "HOSTNAME : %s Length : %d\n", hoststr, hostlen ); + "HOSTNAME : %s Length : %zd\n", hoststr, hostlen ); ) if( contentLength >= 0 ) { @@ -1101,9 +1102,9 @@ MakeGetMessage( const char *url_str, { int ret_code; char *urlPath = alloca( strlen( url_str ) + 1 ); - int querylen = 0; + size_t querylen = 0; const char *querystr; - int hostlen = 0; + size_t hostlen = 0; char *hoststr, *temp; 
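Review bot: Nothing at the http_MakeMessage call in http_Download lets the compiler check that the values paired with `Q` and `b` are `size_t`, so the fix holds only while every caller's variable keeps that type; the type of `url.pathquery.size` is not visible in this hunk. A width mismatch read through `va_arg` is undefined behaviour, and since the value is used as a byte count (per the format table), the result could presumably be an oversized read of the source buffer rather than only UPNP_E_OUTOF_MEMORY. Writing the lengths as `(size_t)url.pathquery.size` and `(size_t)hostlen` at the call site would keep the call correct if a declaration changes later. The same applies to the calls in the hunks at -1149, -2210 and -821. http_Download starts and ends outside the hunk.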
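Review bot: `%zd` is the conversion for the signed counterpart of `size_t`, while `hostlen` is now declared `size_t`, so the debug line in MakePostMessage should read `"HOSTNAME : %s Length : %zu\n", hoststr, hostlen );`. The same specifier appears in the MakeGetMessage hunk at -1136 and the MakeGetMessageEx hunk at -2210. The `z` length modifier is C99, so if UpnpPrintf forwards to a pre-C99 printf on some target (not visible here), `%lu` with `(unsigned long)hostlen` is the portable alternative. MakePostMessage's body continues outside the hunk.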
@@ -1136,7 +1137,7 @@ MakeGetMessage( const char *url_str, hostlen = strlen( hoststr ); *temp = '/'; DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, - "HOSTNAME : %s Length : %d\n", hoststr, hostlen ); + "HOSTNAME : %s Length : %zd\n", hoststr, hostlen ); ) if( proxy_str ) { @@ -1149,9 +1150,10 @@ MakeGetMessage( const char *url_str, ret_code = http_MakeMessage( request, 1, 1, - "QsbcDCUc", + "Q" "s" "bcDCUc", HTTPMETHOD_GET, querystr, querylen, - "HOST: ", hoststr, hostlen ); + "HOST: ", + hoststr, hostlen ); if( ret_code != 0 ) { DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, @@ -1780,8 +1782,8 @@ http_SendStatusResponse( IN SOCKINFO * info, * fmt types: * 'B': arg = int status_code * appends content-length, content-type and HTML body for given code -* 'b': arg1 = const char* buf; arg2 = size_t buf_length -* memory ptr +* 'b': arg1 = const char* buf; +* arg2 = size_t buf_length memory ptr * 'C': (no args) appends a HTTP CONNECTION: close header * depending on major,minor version * 'c': (no args) appends CRLF "\r\n" 
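Review bot: After the rewrap of the `'b'` entry, the trailing words `memory ptr` sit on the `arg2` line and read as if they described `size_t buf_length`. This table is the only type contract that callers of the variadic function have, so I would keep the description on the pointer argument, for example `* 'b': arg1 = const char* buf; // memory ptr` followed by `* arg2 = size_t buf_length`. The comment block starts and ends outside the hunk.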
@@ -1790,16 +1792,18 @@ http_SendStatusResponse( IN SOCKINFO * info, * 'G': arg = range information // add range header * 'h': arg = off_t number // appends off_t number * 'K': (no args) // add chunky header -* 'N': arg1 = int content_length // content-length header -* 'q': arg1 = http_method_t, arg2 = (uri_type *) // request start line and HOST header -* 'Q': arg1 = http_method_t; arg2 = char* url; -* arg3 = int url_length // start line of request -* 'R': arg = int status_code // adds a response start line +* 'N': arg1 = off_t content_length // content-length header +* 'q': arg1 = http_method_t // request start line and HOST header +* arg2 = (uri_type *) +* 'Q': arg1 = http_method_t; // start line of request +* arg2 = char* url; +* arg3 = size_t url_length +* 'R': arg = int status_code // adds a response start line * 'S': (no args) appends HTTP SERVER: header * 's': arg = const char* C_string -* 'T': arg = char * content_type; format e.g: "text/html"; -* content-type header -* 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt +* 'T': arg = char * content_type; format +* e.g: "text/html"; content-type header +* 't': arg = time_t * gmt_time // appends time in RFC 1123 fmt * 'U': (no args) appends HTTP USER-AGENT: header * 'X': arg = const char useragent; "redsonic" HTTP X-User-Agent: useragent * @@ -2165,7 +2169,7 @@ MakeGetMessageEx( const char *url_str, { int errCode = UPNP_E_SUCCESS; char *urlPath = NULL; - int hostlen = 0; + size_t hostlen = 0; char *hoststr, *temp; 
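Review bot: The table now documents `'N'` as taking `off_t` instead of `int`, but none of the hunks in this file changes a caller that passes an argument for `N`, and the context line `if( contentLength >= 0 ) {` in MakePostMessage suggests a plain `int` length may be passed there. If so, that call has the same width mismatch this commit fixes for `b` and `Q` wherever `off_t` is wider than `int`. Casting at such call sites, `(off_t)contentLength`, would match the documented type. The handler for `N` is outside the hunk, so whether it already reads `off_t` cannot be confirmed from here.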
@@ -2210,16 +2214,16 @@ MakeGetMessageEx( const char *url_str, *temp = '/'; DBGONLY( UpnpPrintf( UPNP_INFO, HTTP, __FILE__, __LINE__, - "HOSTNAME : %s Length : %d\n", hoststr, - hostlen ); + "HOSTNAME : %s Length : %zd\n", + hoststr, hostlen ); ) errCode = http_MakeMessage( request, 1, 1, - "QsbcGDCUc", - HTTPMETHOD_GET, - url->pathquery.buff, url->pathquery.size, - "HOST: ", hoststr, hostlen, + "Q" "s" "bc" "GDCUc", + HTTPMETHOD_GET, url->pathquery.buff, url->pathquery.size, + "HOST: ", + hoststr, hostlen, pRangeSpecifier ); if( errCode != 0 ) { diff --git a/upnp/src/soap/soap_ctrlpt.c b/upnp/src/soap/soap_ctrlpt.c index 156a143..73ed788 100644 --- a/upnp/src/soap/soap_ctrlpt.c +++ b/upnp/src/soap/soap_ctrlpt.c @@ -611,9 +611,9 @@ SoapSendAction( IN char *action_url, char *xml_end = "\r\n" "\r\n\r\n"; - int xml_start_len; - int xml_end_len; - int action_str_len; + size_t xml_start_len; + size_t xml_end_len; + size_t action_str_len; *response_node = NULL; // init @@ -693,7 +693,7 @@ SoapSendAction( IN char *action_url, err_code = ret_code; } - error_handler: +error_handler: ixmlFreeDOMString( action_str ); membuffer_destroy( &request ); membuffer_destroy( &responsename ); @@ -757,13 +757,13 @@ SoapSendActionEx( IN char *action_url, char *xml_end = "\r\n" "\r\n"; - int xml_start_len; - int xml_header_start_len; - int xml_header_str_len; - int xml_header_end_len; - int xml_body_start_len; - int action_str_len; - int xml_end_len; + size_t xml_start_len; + size_t xml_header_start_len; + size_t xml_header_str_len; + size_t xml_header_end_len; + size_t xml_body_start_len; + size_t action_str_len; + size_t xml_end_len; off_t content_length; *response_node = NULL; // init @@ -821,7 +821,7 @@ SoapSendActionEx( IN char *action_url, xml_body_start_len + action_str_len + xml_end_len; if (http_MakeMessage( &request, 1, 1, - "q" "N" "s" "sssbsc" "Uc" "bbbbbbb", + "q" "N" "s" "sssbsc" "Uc" "b" "b" "b" "b" "b" "b" "b", SOAPMETHOD_POST, &url, content_length, ContentTypeHeader,