[sr-dev] possible bug in parser/parse_event.c
Jan Janak
jan at ryngle.com
Sun Oct 18 20:27:56 CEST 2009
On Sun, Oct 18, 2009 at 12:46 PM, Juha Heinanen <jh at tutpro.com> wrote:
> looks like sr parser/parse_event.c has the same bug that i found in
> opensips although the implementations are different.
>
> after statement
>
> end = skip_token(tmp.s, tmp.len);
>
> end points to next char after event string.
>
> then end is assigned to tmp.s
>
> tmp.s = end;
>
> and after that if statement compares this next char to ';':
>
> if (tmp.s[0] == ';') {
>
> which looks wrong to me, because that char can be anything if event does
> not have any params.
>
> perhaps someone else can recheck if i'm right or wrong.
Yes, I think this is a bug. The bug won't be triggered if event_parser
is only called from parse_event, but given that some modules use
event_parser directly, it can happen that it will try to read a
character which does not belong to the string given in arguments
anymore.
I will fix it, thanks.
-- Jan
More information about the sr-dev
mailing list