INF_* functions may invalidate the whole output buffer with isc_info_truncated at the beginning due to boundary condition. [CORE2313] #2737
Submitted by: Claudio Valderrama C. (robocop)
Assigned to: Claudio Valderrama C. (robocop)
In FB1, I noticed that INF_put_item may put the requested item but without leaving any space for isc_info_end and thus returning a malformed buffer to the user, that may eventually crash while finding the end of the binary string. Hence, I made INF_put_item check for one byte more of space before writing, otherwise putting isc_info_truncated and nothing more. This change avoided cluttering the code in the INF_* functions with checks and it worked well in FB1.0, FB1.5 and FB2.0.
The text was updated successfully, but these errors were encountered: