Hi, On Wed, 2020-06-17 at 00:25 +0200, Mark Wielaard wrote: > Although we check for and/or create the interval_path right before, > there is still a possibility that the fopen call fails. Handle that > as if the file is unreadable.
On Wed, 2020-06-17 at 00:25 +0200, Mark Wielaard wrote: > We need to make sure that we can always place a zero terminator at > the end of suffix when we are copying the filename. So add one more > char to the suffix array. And make sure that we can always add an > extra escape character when we need to escape the current character. On Wed, 2020-06-17 at 00:25 +0200, Mark Wielaard wrote: > When is debuginfod_query_server is given an hexadecimal string as > build-id build_id_len will be zero. We were checking the size of > the build_id_bytes destination string instead of the string length > of build_id input string. Make sure the input string is not too > big or strcpy might overwrite then end of the build_id_bytes array. On Wed, 2020-06-17 at 00:25 +0200, Mark Wielaard wrote: > When allocating handle_data we should check for out of memory failures. > Also when the allocation has succeeded make sure we always clean up by > going to out1 on any future errors. So move the curl_multi_init call > earlier, because that goes to out0 on failure. Aaron was nice enough to review these debuginfod related fixes (off- list). Pushed all 4 to master now. Cheers, Mark
