authorjoeh <joeh@ae88bc3d-4319-0410-8dbf-d08b4c9d3795>2001-04-10 21:36:21 +0000
committerjoeh <joeh@ae88bc3d-4319-0410-8dbf-d08b4c9d3795>2001-04-10 21:36:21 +0000
commit16be89a16fc2bcd41a34b70810b1023ec751b02f (patch)
treeb8e1f98dacbc0f0447cc508f65373b4ab0907fe3 /ace/CDR_Stream.cpp
parentf6abbf12e8644d28d808c497a2bfd679029c4170 (diff)
Tue Apr 10 16:33:42 2001 Joe Hoffert <joeh@cs.wustl.edu>
Diffstat (limited to 'ace/CDR_Stream.cpp')
-rw-r--r--ace/CDR_Stream.cpp37
1 files changed, 35 insertions, 2 deletions
diff --git a/ace/CDR_Stream.cpp b/ace/CDR_Stream.cpp
index a7b5f27eb11..2009e3f983b 100644
--- a/ace/CDR_Stream.cpp
+++ b/ace/CDR_Stream.cpp
@@ -652,7 +652,10 @@ ACE_InputCDR::read_string (char *&x)
ACE_CDR::ULong len;
this->read_ulong (len);
- if (len > 0)
+ // A check for the length being too great is done later in the
+ // call to read_char_array but we want to have it done before
+ // the memory is allocated.
+ if (len > 0 && len <= this->length())
{
ACE_NEW_RETURN (x,
ACE_CDR::Char[len],
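Review bot: `len` is declared without an initializer and the result of `this->read_ulong (len)` is ignored, so the new `len <= this->length()` test can run on an indeterminate value when the length word itself could not be read (assuming read_ulong leaves its argument untouched on failure, which this page does not show). Bail out first, e.g. `if (!this->read_ulong (len)) { x = 0; return 0; }`. The same applies to the read_wstring hunk at -692, where this commit also drops the old `this->good_bit()` guard, and it matters more now that both functions gain a `len == 0` branch that returns 1. Both function bodies start and end outside these hunks.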
@@ -661,6 +664,16 @@ ACE_InputCDR::read_string (char *&x)
return 1;
delete [] x;
}
+ else if (len == 0)
+ {
+ // Convert any null strings to empty strings since empty
+ // strings can cause crashes. (See bug 58.)
+ ACE_NEW_RETURN (x,
+ ACE_CDR::Char[1],
+ 0);
+ ACE_OS::strcpy(x, "");
+ return 1;
+ }
x = 0;
return 0;
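Review bot: A length that fails the new `len <= this->length()` test now falls through to `x = 0; return 0;` with no visible change to the stream state, whereas the comment in the previous hunk says the oversize case used to be caught inside read_char_array. If that callee marks the stream bad on failure (not shown here), callers that test `good_bit()` rather than the return value will no longer notice a malformed length and will keep decoding the remaining bytes as if nothing happened. Consider clearing the stream's good bit on this path, on the matching path in read_wstring, and on the early `return 0` added to read_boolean_array. The comment on the `len == 0` branch also reads backwards; `// A zero length denotes a null string; return an allocated empty string so callers never receive a null pointer. (See bug 58.)` would match the code.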
@@ -692,7 +705,10 @@ ACE_InputCDR::read_wstring (ACE_CDR::WChar*& x)
ACE_CDR::ULong len;
this->read_ulong (len);
- if (this->good_bit())
+ // A check for the length being too great is done later in the
+ // call to read_char_array but we want to have it done before
+ // the memory is allocated.
+ if (len > 0 && len <= this->length())
{
ACE_NEW_RETURN (x,
ACE_CDR::WChar[len],
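Review bot: `len` here counts wide characters while `this->length()` appears to be a byte count of what is left in the stream, so the bound lets `ACE_CDR::WChar[len]` be allocated for more elements than the remaining bytes could ever hold. Compare `len` against the remaining length divided by the on-the-wire size of one wide character, so the allocation is bounded by what the message can actually supply. The added comment was copied from read_string and names read_char_array; it should name the wide-character array read that this function uses. The function body continues outside the hunk.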
@@ -702,6 +718,17 @@ ACE_InputCDR::read_wstring (ACE_CDR::WChar*& x)
delete [] x;
}
+ else if (len == 0)
+ {
+ // Convert any null strings to empty strings since empty
+ // strings can cause crashes. (See bug 58.)
+ ACE_NEW_RETURN (x,
+ ACE_CDR::WChar[1],
+ 0);
+ ACE_OS::memcpy(x, "", 2);
+ return 1;
+ }
+
x = 0;
return 0;
}
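Review bot: `ACE_OS::memcpy(x, "", 2)` copies two bytes from the literal `""`, which is a single NUL byte, so it reads one byte past the literal, and it zeroes only two bytes of `x[0]` whatever `sizeof (ACE_CDR::WChar)` is on the platform. Assign the terminator directly instead: `x[0] = 0;`.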
@@ -715,6 +742,7 @@ ACE_InputCDR::read_array (void* x,
if (length == 0)
return 1;
char* buf;
+
if (this->adjust (size * length, align, buf) == 0)
{
#if defined (ACE_DISABLE_SWAP_ON_READ)
@@ -757,6 +785,11 @@ ACE_CDR::Boolean
ACE_InputCDR::read_boolean_array (ACE_CDR::Boolean *x,
ACE_CDR::ULong length)
{
+ // Make sure the length of the array isn't greater than the length of
+ // the stream.
+ if (length > this->length())
+ return 0;
+
// It is hard to optimize this, the spec requires that on the wire
// booleans be represented as a byte with value 0 or 1, but in
// memoery it is possible (though very unlikely) that a boolean has