sscanf isn't safe with strings that aren't null-terminated. In such case, create a local copy that is null-terminated first.

TESTED=GYP_DEFINES=build_for_tool=memcheck gclient runhooks ninja -C out/Debug/ libjingle_unittest tools/valgrind-webrtc/webrtc_tests.sh --tool memcheck --test out/Debug/libjingle_unittest --gtest_filter=Http* R=noahric@google.com Review URL: https://webrtc-codereview.appspot.com/1941004 git-svn-id: http://webrtc.googlecode.com/svn/trunk@4469 4adac7df-926f-26a2-2b94-8c16560cd09d
2013-08-01 21:20:46 +00:00
parent 17758e96c5
commit 0dc0f172a3
2 changed files with 7 additions and 24 deletions
--- a/talk/base/httpbase.cc
+++ b/talk/base/httpbase.cc
@@ -166,12 +166,16 @@ HttpParser::ProcessLine(const char* line, size_t len, HttpError* error) {
      } while ((value < eol) && isspace(static_cast<unsigned char>(*value)));
      size_t vlen = eol - value;
      if (MatchHeader(line, nlen, HH_CONTENT_LENGTH)) {
-	unsigned int temp_size;
-        if (sscanf(value, "%u", &temp_size) != 1) {
+        // sscanf isn't safe with strings that aren't null-terminated, and there
+        // is no guarantee that |value| is.
+        // Create a local copy that is null-terminated.
+        std::string value_str(value, vlen);
+        unsigned int temp_size;
+        if (sscanf(value_str.c_str(), "%u", &temp_size) != 1) {
          *error = HE_PROTOCOL;
          return PR_COMPLETE;
        }
-	data_size_ = static_cast<size_t>(temp_size);
+        data_size_ = static_cast<size_t>(temp_size);
      } else if (MatchHeader(line, nlen, HH_TRANSFER_ENCODING)) {
        if ((vlen == 7) && (_strnicmp(value, "chunked", 7) == 0)) {
          chunked_ = true;
--- a/tools/valgrind-webrtc/memcheck/suppressions.txt
+++ b/tools/valgrind-webrtc/memcheck/suppressions.txt
@@ -917,27 +917,6 @@
   fun:BIO_new_mem_buf
   fun:_ZN9talk_base15OpenSSLIdentity14FromPEMStringsERKSsS2_
 }
-# For sscanf
-{
-   sscanf_1
-   Memcheck:Uninitialized
-   fun:__GI___rawmemchr
-   fun:_IO_str_init_static_internal
-   fun:vsscanf
-   fun:sscanf
-   fun:_ZN9talk_base16HttpResponseData11parseLeaderEPKcm
-   ...
-}
-{
-   sscanf_2
-   Memcheck:Uninitialized
-   fun:__GI___rawmemchr
-   fun:_IO_str_init_static_internal
-   fun:vsscanf
-   fun:sscanf
-   fun:_ZN9talk_base15HttpRequestData11parseLeaderEPKcm
-   ...
-}
 # For HttpServer.SignalsCloseAfterForcedCloseAll
 {
   SignalsCloseAfterForcedCloseAll