Custom Query (101 matches)
Results (34 - 36 of 101)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#87 | fixed | Segmentation fault in updateStatus method | Knut Landmark | |
Description |
The Zoo kernel provides the option to store a status message in shared memory along with the status value (i.e. the progress in percent), see this ticket: http://zoo-project.org/trac/ticket/81. However, the current implementation of updateStatus (service_internal.c, revision # 452) does not check if getMapFromMaps(conf,"lenv","message") returns NULL. A segmentation fault occurs (line 115) if a message value has not been set in the service code before a call to updateStatus: // OK: setMapInMaps( conf, "lenv", "status", "99" ); setMapInMaps( conf, "lenv", "message", "Progress: 99%" ); updateStatus( conf ); // Segmentation fault: setMapInMaps( conf, "lenv", "status", "99" ); updateStatus( conf ); (Tested on a Window 7 system.) |
|||
#89 | fixed | Memory buffer overflow | Knut Landmark | |
Description |
The following code in service_internal.c (from line 2006, revision 456) generates errors (on Windows 7 platform) due to insufficient memory allocation (malloc needs to allocate bytes for the forward slash characters in the URLs, lines 2007 and 2010). if(strncasecmp(tmp2->value,"http://",7)==0){ file_url=(char*)malloc((strlen(tmp2->value)+strlen(file_name))*sizeof(char)); sprintf(file_url,"%s/%s",tmp2->value,file_name); }else{ file_url=(char*)malloc((strlen(tmp3->value)+strlen(tmp2->value)+strlen(file_name))*sizeof(char)); sprintf(file_url,"%s/%s/%s",tmp3->value,tmp2->value,file_name); } Possibly, the if statement should also be modified to take into account the https protocol. |
|||
#92 | fixed | Unintended pointer incrementation in function outputResponse | Knut Landmark | |
Description |
The following clause in function outputResponse (zoo-kernel/service_internal.c, rev. 459, line 1998 ) causes unexpected behavior: if(lenv!=NULL){ tmp0=(char*)malloc((strlen(lenv->value)+strlen(_("Unable to run the Service. The message returned back by the Service was the following: "+1)))*sizeof(char)); sprintf(tmp0,_("Unable to run the Service. The message returned back by the Service was the following: %s"),lenv->value); } The const char* argument to strlen is incremented by +1, whereas the intention is to allocate an additional byte. Line 1999 should presumably be written tmp0=(char*)malloc((strlen(lenv->value)+strlen(_("Unable to run the Service. The message returned back by the Service was the following: "))+1)*sizeof(char)); |