http2: avoid strstr() on data not zero terminated #2513

Closed
bagder commented Apr 20, 2018

It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.

Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760

@bagder bagder added the HTTP/2 label Apr 20, 2018

@bagder bagder closed this in 1514c44 Apr 20, 2018

@bagder bagder deleted the bagder/http2-avoid-strstr-on-data branch Apr 20, 2018
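
The concern in the description, as an added example that is not taken from curl's source or from this pull request's commit: a length-bounded search that never reads past the end of the buffer, with its NULL return checked by the caller. The names `find_bounded`, `after_first_crlf` and `demo`, the CRLF needle and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length-bounded search (hypothetical helper, not a curl function): never
   reads past hay[hlen - 1], so the buffer needs no terminating zero. */
static const char *find_bounded(const char *hay, size_t hlen,
                                const char *needle, size_t nlen)
{
  if(!nlen)
    return hay;
  if(nlen > hlen)
    return NULL;
  for(size_t i = 0; i <= hlen - nlen; i++)
    if(!memcmp(&hay[i], needle, nlen))
      return &hay[i];
  return NULL;
}

/* Offset of the first byte after the first CRLF, or -1 if there is none.
   The NULL check is the "check of the return code" from the description. */
static long after_first_crlf(const char *buf, size_t len)
{
  const char *p = find_bounded(buf, len, "\r\n", 2);
  if(!p)
    return -1;
  return (long)(p - buf) + 2;
}

/* Constructed sample: copy the data into an exactly-sized heap block with no
   trailing zero, the layout where ASAN flags strstr() reading out of bounds. */
static long demo(const char *data, size_t len)
{
  long r = -2; /* -2 signals allocation failure */
  char *heap = malloc(len);
  if(heap) {
    memcpy(heap, data, len);
    r = after_first_crlf(heap, len);
  }
  free(heap);
  return r;
}

int main(void)
{
  printf("%ld %ld\n", demo("HTTP/2 200\r\nx: y", 16), demo("no line end", 11));
  return 0;
}
```

Building with `-fsanitize=address` and swapping `find_bounded()` for `strstr()` in `after_first_crlf()` is a quick way to see the report on the second sample, where no CRLF stops the scan before the end of the allocation.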
