The following code in FIX::Parser::allocate causes a UMR
(uninitialized memory read) and/or an ABR (array bounds read) under
Purify.
    if( m_readBuffer && m_bufferSize )
    {
        strncpy (newBuffer, m_readBuffer, length); // ABR/UMR here
        newBuffer[length] = '\0';
        delete [] m_readBuffer;
    }
When Parser::readFromStream calls this, it has not yet nul-terminated
m_readBuffer, so the strncpy call is straying past the end of the
allocated storage. The code should instead look like:
    if (m_readBuffer && m_bufferSize)
    {
        memcpy (newBuffer, m_readBuffer, m_bufferSize);
        newBuffer[m_bufferSize] = '\0';
        delete [] m_readBuffer;
    }
Also, in socket_init in Utility.cpp, the struct sigaction sa is not
initialized, which causes a UMR. Changing the code to:
    struct sigaction sa = {0};
fixes that problem.
--
Caleb Epstein
cal...@gm...
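The point of the fix above is that a socket read buffer carries no nul terminator, so the copy during reallocation must be bounded by the byte count the parser tracks, not by strncpy's search for a terminator. The following is an added example, not code from the project or from this post; the GrowBuffer class, its append() method and the demo() driver are hypothetical names, and the FIX-like fragments are constructed.

```cpp
#include <cstring>
#include <cstddef>
#include <string>

// Minimal buffer that grows the way the corrected Parser::allocate does:
// it copies exactly m_bufferSize bytes with memcpy instead of asking
// strncpy to read 'length' bytes from storage that holds fewer.
class GrowBuffer
{
public:
    GrowBuffer() : m_readBuffer(0), m_bufferSize(0), m_capacity(0) {}
    ~GrowBuffer() { delete [] m_readBuffer; }

    // Ensure room for 'length' bytes plus a terminator.
    void allocate(std::size_t length)
    {
        if (length <= m_capacity) return;
        char* newBuffer = new char[length + 1];
        if (m_readBuffer && m_bufferSize)
            std::memcpy(newBuffer, m_readBuffer, m_bufferSize); // bounded by bytes held
        newBuffer[m_bufferSize] = '\0';
        delete [] m_readBuffer;
        m_readBuffer = newBuffer;
        m_capacity = length;
    }

    // Append raw bytes that carry no terminator, as a stream read would.
    void append(const char* data, std::size_t n)
    {
        allocate(m_bufferSize + n);
        std::memcpy(m_readBuffer + m_bufferSize, data, n);
        m_bufferSize += n;
        m_readBuffer[m_bufferSize] = '\0';
    }

    std::size_t size() const { return m_bufferSize; }
    std::string str() const
    { return m_readBuffer ? std::string(m_readBuffer, m_bufferSize) : std::string(); }

private:
    char* m_readBuffer;
    std::size_t m_bufferSize;
    std::size_t m_capacity;
};

// Constructed FIX-like fragments fed in two unterminated chunks; the
// second append forces a reallocation while data is already buffered.
std::string demo()
{
    GrowBuffer buf;
    const char part1[] = {'8','=','F','I','X','.','4','.','2','\001'};
    const char part2[] = {'9','=','1','2','\001'};
    buf.append(part1, sizeof part1);
    buf.append(part2, sizeof part2);
    return buf.str();
}
```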