[omniORB] bug in omniORB4 Windows registry code
Norrie Quinn
norrie.quinn@tumbleweed.com
Thu Jun 27 00:44:00 2002
We accidentally hit this memory corruption bug when any omniORB4 registry
value is empty. The call to strlen() returns 0 causing the '\0' to be
assigned elsewhere.
diff -c -r1.1.1.1 orbOptionsReg.cc
*** orbOptionsReg.cc 4 Apr 2002 22:48:13 -0000 1.1.1.1
--- orbOptionsReg.cc 26 Jun 2002 23:22:35 -0000
***************
*** 172,190 ****
while ( isspace(*p) )
p++;
key = p;
! p += strlen(key) - 1;
! while ( isspace(*p) )
! p--;
! *(++p) = '\0';
p = valuebuf;
while ( isspace(*p) )
p++;
value = p;
! p += strlen(value) - 1;
! while ( isspace(*p) )
! p--;
! *(++p) = '\0';
return 1;
}
--- 172,194 ----
while ( isspace(*p) )
p++;
key = p;
! if ( *p != '\0' ) {
! p += strlen(key) - 1;
! while ( isspace(*p) )
! p--;
! *(++p) = '\0';
! }
p = valuebuf;
while ( isspace(*p) )
p++;
value = p;
! if ( *p != '\0' ) {
! p += strlen(value) - 1;
! while ( isspace(*p) )
! p--;
! *(++p) = '\0';
! }
return 1;
}
Regards
Norrie
_______________________________________________________________
Norrie Quinn 650 216 2533
Tumbleweed Communications Corp. norrie.quinn@tumbleweed.com