Re: [libmicrohttpd] [SSL-Example] load_file(), terminate c-string with a null-character?

Wed, 24 Aug 2016 05:39:03 -0700 

Hi!

I think this is the one that was already fixed in SVN 36923 on Feb 29th
2016.  However, we failed to update the Web site version since, so I
should fix that...

-Christian

On 08/24/2016 02:31 PM, Weber, Peter (Wilken Software Engineering GmbH)
wrote:
> Hello!
> 
> I've used the example code from the PDF-Tutorial[1] and from the
> website [2] to build the foundation for the application im currently
> developing. Finally Valgrind reported an error "Invalid read of size 1"
> (valgrind --leak-check=yes ./yourapplication).
> 
> Maybe I'm wrong. I think the returned C-String should be terminated by
> the famous Null-Character, and therefore we also need to extend the
> allocated buffer from the heap by one byte.
> 
> Original-Code:
> -----------------------------------------------------------------------
> static char *
> load_file (const char *filename)
> {
>   FILE *fp;
>   char *buffer;
>   long size;
> 
>   size = get_file_size (filename);
>   if (size == 0)
>     return NULL;
> 
>   fp = fopen (filename, "rb");
>   if (!fp)
>     return NULL;
> 
>   buffer = malloc (size);
>   if (!buffer)
>     {
>       fclose (fp);
>       return NULL;
>     }
> 
>   if (size != fread (buffer, 1, size, fp))
>     {
>       free (buffer);
>       buffer = NULL;
>     }
> 
>   fclose (fp);
>   return buffer;
> }
> -----------------------------------------------------------------------
> Patch:
> -----------------------------------------------------------------------
> --- load_file.c 2016-08-24 14:27:51.871565051 +0200
> +++ new_load_file.c     2016-08-24 14:29:33.441565410 +0200
> @@ -13,7 +13,7 @@
>    if (!fp)
>      return NULL;
>  
> -  buffer = malloc (size);
> +  buffer = malloc (size + 1);
>    if (!buffer)
>      {
>        fclose (fp);
> @@ -26,6 +26,8 @@
>        buffer = NULL;
>      }
>  
> +  // null-termination of c-string
> +  buffer[size] = '\0';
>    fclose (fp);
>    return buffer;
>  }
> -----------------------------------------------------------------------
> 
> 
> 
> Thanks for your patience with me.
> Peter
> 
> [1]https://www.gnu.org/software/libmicrohttpd/tutorial.pdf
> [2]https://www.gnu.org/software/libmicrohttpd/tutorial.html#tlsauthenti
> cation_002ec
>

Attachment: 0xE29FC3CC.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to