-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove strlen call from Curl_client_write. #6954
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is good. Just one little improvement suggestion!
@@ -616,8 +616,6 @@ CURLcode Curl_client_write(struct Curl_easy *data, | |||
size_t len) | |||
{ | |||
struct connectdata *conn = data->conn; | |||
if(0 == len) | |||
len = strlen(ptr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about also adding...
DEBUGASSERT(len);
... to better catch mistakes at least in debug-builds.
Good call on that assert. Looks like the fuzzer caught something on it:
|
I think it highlights a genuine bug where the code passes on a zero but didn't intend a diff --git a/lib/transfer.c b/lib/transfer.c
index 56ad5e612..c31e22e00 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -828,21 +828,21 @@ static CURLcode readwrite_data(struct Curl_easy *data,
error here, be sure to check over the almost identical code
in http_chunks.c.
Make sure that ALL_CONTENT_ENCODINGS contains all the
encodings handled here. */
if(data->set.http_ce_skip || !k->writer_stack) {
- if(!k->ignorebody) {
+ if(!k->ignorebody && nread) {
#ifndef CURL_DISABLE_POP3
if(conn->handler->protocol & PROTO_FAMILY_POP3)
result = Curl_pop3_write(data, k->str, nread);
else
#endif /* CURL_DISABLE_POP3 */
result = Curl_client_write(data, CLIENTWRITE_BODY, k->str,
nread);
}
}
- else if(!k->ignorebody)
+ else if(!k->ignorebody && nread)
result = Curl_unencode_write(data, k->writer_stack, k->str, nread);
}
k->badheader = HEADER_NORMAL; /* taken care of now */
if(result) |
Your proposed fix looks good to me. Thanks for spotting that. I've been trying to get the curl-fuzzer repo running, but hitting errors with |
Feel free to add that patch as a commit here so that we can see if there seems to be any remaining flaws to fix. |
Another fuzz failure, this time in
|
At all call sites with an explicit 0 len, pass an appropriate nonzero len.
Thanks! |
At all call sites with an explicit 0 len, pass an appropriate nonzero len.
Fixes #6952