< Previous by Date Date Index Next by Date >
  Thread Index  

[reSIProcate] Bug in ParseBuffer::qVal


Relevant code:

*snip*
      if (*mPosition == '.')
      {
         skipChar();
         
         int i = 100;
         while(isdigit(*mPosition) && i)
         {
            num += (*mPosition-'0') * i;
            i /= 10;
            skipChar();
         }
      }

*snip*

In the event that the q-value is in a copied HeaderFieldValue, we have no guarantee of what character lies at the end of the buffer (since the CRLF is not part of the HeaderFieldValue, when a HeaderFieldValue is copied, anything could be there). So, it is possible for this character to be a digit, although it lies past the end of the buffer. We should put a check for !eof() in the if clause.

Best regards,
Byron Campen