Georg Sauthoff

Actually, the code doesn't update the begin of the buffer and buff.read is just a position between buffer begin and buff.size. Hopefully the last iteration: --- a/src/lexer.c +++ b/src/lexer.c @@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff) byte *buf = buff->t.u.text; if (memcmp(buf + count - 2, CRLF, 2) == 0) { count --; + --buff->t.leng; *(buf + count - 1) = (byte) '\n'; } } @@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size) while ((cnt = get_decoded_line(&buff))...

Fix out-of-bounds read in spanword

Fix memory-leak in db_open()

The above breaks the t.passthrough-hb test case (cf. make check) because there is one adjustment in get_decoded_line() missing. This improved patch fixes make check again and the original issue: --- a/src/lexer.c +++ b/src/lexer.c @@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff) byte *buf = buff->t.u.text; if (memcmp(buf + count - 2, CRLF, 2) == 0) { count --; + --buff->t.leng; *(buf + count - 1) = (byte) '\n'; } } @@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size)...

Actually, the change isn't sufficient in all cases: --- a/src/lexer.c +++ b/src/lexer.c @@ -334,7 +334,7 @@ int yyinput(byte *buf, size_t used, size_t size) while ((cnt = get_decoded_line(&buff)) != 0) { if (cnt > 0) - count += cnt; + count = cnt; /* Note: some malformed messages can cause xfgetsl() to report ** "Invalid buffer size, exiting." and then abort. This I've attached another minimized example that invokes an out-of-bounds memmove() with that patch. This should cover both cases: --- a/src/lexer.c...

Fix heap-buffer-overlow after decoding long tokens

I would implement it like this: compile the different backends as shared objects depending on the configuration load the default/specified backend with dlopen Then declare the backend API functions as weak in the executables such that they can be directly called - i.e. after the dlopen. This also allows for linking the binaries without the definitions of those functions being available. A more conservative appraoch (for platforms without weak symbols): have some global struct with function pointers...

See also bug #123 for a follow-up patch that eliminates the memcpy.