From 0dc0f172a3c3e2d6524ae4b67c0eafb1f661bbb2 Mon Sep 17 00:00:00 2001 From: "wu@webrtc.org" Date: Thu, 1 Aug 2013 21:20:46 +0000 Subject: [PATCH] sscanf isn't safe with strings that aren't null-terminated. In such case, create a local copy that is null-terminated first. TESTED=GYP_DEFINES=build_for_tool=memcheck gclient runhooks ninja -C out/Debug/ libjingle_unittest tools/valgrind-webrtc/webrtc_tests.sh --tool memcheck --test out/Debug/libjingle_unittest --gtest_filter=Http* R=noahric@google.com Review URL: https://webrtc-codereview.appspot.com/1941004 git-svn-id: http://webrtc.googlecode.com/svn/trunk@4469 4adac7df-926f-26a2-2b94-8c16560cd09d --- talk/base/httpbase.cc | 10 ++++++--- .../valgrind-webrtc/memcheck/suppressions.txt | 21 ------------------- 2 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/talk/base/httpbase.cc b/talk/base/httpbase.cc
index 90c1a7879..7d54ab8a9 100644
--- a/talk/base/httpbase.cc
+++ b/talk/base/httpbase.cc
@@ -166,12 +166,16 @@ HttpParser::ProcessLine(const char* line, size_t len, HttpError* error) {
 } while ((value < eol) && isspace(static_cast(*value)));
 size_t vlen = eol - value;
 if (MatchHeader(line, nlen, HH_CONTENT_LENGTH)) {
- unsigned int temp_size;
- if (sscanf(value, "%u", &temp_size) != 1) {
+ // sscanf isn't safe with strings that aren't null-terminated, and there
+ // is no guarantee that |value| is.
+ // Create a local copy that is null-terminated.
+ std::string value_str(value, vlen);
+ unsigned int temp_size;
+ if (sscanf(value_str.c_str(), "%u", &temp_size) != 1) {
 *error = HE_PROTOCOL;
 return PR_COMPLETE;
 }
- data_size_ = static_cast(temp_size);
+ data_size_ = static_cast(temp_size);
 } else if (MatchHeader(line, nlen, HH_TRANSFER_ENCODING)) {
 if ((vlen == 7) && (_strnicmp(value, "chunked", 7) == 0)) {
 chunked_ = true;
diff --git a/tools/valgrind-webrtc/memcheck/suppressions.txt b/tools/valgrind-webrtc/memcheck/suppressions.txt
index 4e78a92d0..49667ed2e 100644
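Review bot: The `sscanf(value_str.c_str(), "%u", &temp_size)` call in the Content-Length branch is now bounded, but it still accepts more than a valid length: leading whitespace, a sign, and trailing bytes after the digits (`12abc` scans as 12), and the C standard leaves the result undefined when the number does not fit in `unsigned int`. Because this value frames the message body, lenient parsing lets this parser disagree with a peer or intermediary about where a message ends, so the header should be rejected unless it is digits only and in range. The loop below parses `[value, value + vlen)` directly, which also removes the copy; `eol` is computed outside the hunk (ProcessLine starts and ends outside it), so if trailing whitespace can remain before `eol`, trim it first. Separately, the suppressions this commit deletes name `parseLeader` frames, which the patch does not touch, so it is worth confirming those `sscanf` call sites received the same treatment.

```cpp
    if (MatchHeader(line, nlen, HH_CONTENT_LENGTH)) {
      // Content-Length must be digits only. Parse the bounded range directly:
      // no null-terminated copy is needed, and signs, trailing bytes and
      // values that overflow unsigned int are rejected.
      const unsigned int kMaxSize = static_cast<unsigned int>(-1);
      unsigned int temp_size = 0;
      bool valid = (vlen > 0);
      for (size_t i = 0; valid && (i < vlen); ++i) {
        if ((value[i] < '0') || (value[i] > '9')) {
          valid = false;
        } else {
          const unsigned int digit = static_cast<unsigned int>(value[i] - '0');
          valid = (temp_size <= (kMaxSize - digit) / 10);
          if (valid)
            temp_size = temp_size * 10 + digit;
        }
      }
      if (!valid) {
        // … unchanged: *error = HE_PROTOCOL; return PR_COMPLETE; …
      }
      // … unchanged: data_size_ assignment from temp_size …
```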
--- a/tools/valgrind-webrtc/memcheck/suppressions.txt
+++ b/tools/valgrind-webrtc/memcheck/suppressions.txt
@@ -917,27 +917,6 @@
 fun:BIO_new_mem_buf
 fun:_ZN9talk_base15OpenSSLIdentity14FromPEMStringsERKSsS2_
 }
-# For sscanf
-{
- sscanf_1
- Memcheck:Uninitialized
- fun:__GI___rawmemchr
- fun:_IO_str_init_static_internal
- fun:vsscanf
- fun:sscanf
- fun:_ZN9talk_base16HttpResponseData11parseLeaderEPKcm
- ...
-}
-{
- sscanf_2
- Memcheck:Uninitialized
- fun:__GI___rawmemchr
- fun:_IO_str_init_static_internal
- fun:vsscanf
- fun:sscanf
- fun:_ZN9talk_base15HttpRequestData11parseLeaderEPKcm
- ...
-}
 # For HttpServer.SignalsCloseAfterForcedCloseAll
 {
 SignalsCloseAfterForcedCloseAll