[Bugreport] Misuse of vector.resize in Request.resize() #119

vrqq · 2019-08-06T13:13:25Z

Lines 731 to 734 in e461b52

    
           void resize(size_t size) { 
        
           	copy_method_url(); 
        
           	buf_.resize(size); 
        
           }

I saw a lot of reference on the pointer request.buf_.data() in source code.
But you also use vector.resize() here, that may cause memory reallocation.

(￣▽￣")

The text was updated successfully, but these errors were encountered:

qicosmos · 2019-08-07T09:41:30Z

在resize之前已经把需要拷贝出来的东西都拷贝了。

vrqq · 2019-08-07T12:54:27Z

READ of size 1 at 0x61d00000fabe thread T6
    #0 0x761da6 in cinatra::iequal(char const*, unsigned long, char const*) 
    #1 0x778459 in cinatra::request::get_header_value(std::basic_string_view<char, std::char_traits<char> >) const
    #2 ......
SUMMARY: AddressSanitizer: heap-use-after-free in cinatra::iequal(char const*, unsigned long, char const*)

cinatra/include/cinatra/request.hpp

Lines 53 to 56 in e461b52

    
           header_len_ = phr_parse_request(buf_.data(), cur_size_, &method_, 
        
           	&method_len_, &url_, &url_len_, 
        
           	&minor_version_, headers_, &num_headers_, last_len);

You may forgot that struct phr_header headers_[32];

qicosmos · 2019-08-09T03:57:38Z

谢谢你指出这个问题，我已经增加了拷贝header了，可以保证resize的时候信息不会丢掉。

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bugreport] Misuse of vector.resize in Request.resize() #119

[Bugreport] Misuse of vector.resize in Request.resize() #119

vrqq commented Aug 6, 2019

qicosmos commented Aug 7, 2019

vrqq commented Aug 7, 2019

qicosmos commented Aug 9, 2019

[Bugreport] Misuse of vector.resize in Request.resize() #119

[Bugreport] Misuse of vector.resize in Request.resize() #119

Comments

vrqq commented Aug 6, 2019

qicosmos commented Aug 7, 2019

vrqq commented Aug 7, 2019

qicosmos commented Aug 9, 2019