[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#192225: string::string(const char *) called with non-null-terminated string

Package: apt
Version: 0.5.4 (and current CVS)
Severity: normal
Tags: patch


There's a bug in ReadMessages() in apt-pkg/contrib/strutl.cc where the
string::string(const char *) constructor gets called with a
non-null-terminated string.

There are three kinds of relevant (to this code) string constructors:

1. string::string(const char *, size_type n)
2. string::string(const string&, size_type pos, size_type n)
3. string::string(const char *)

The first one is obviously the intended one here, but because of the
second parameter the second one gets called.  First, of course, a
temporary string object is created using the the third kind of
constructor, which assumes the parameter is a null-terminated string.
Here however it isn't.

Attached is a patch against the current CVS (1.47).


Index: apt-pkg/contrib/strutl.cc
RCS file: /cvs/deity/apt/apt-pkg/contrib/strutl.cc,v
retrieving revision 1.47
diff -u -r1.47 strutl.cc
--- apt-pkg/contrib/strutl.cc	2 Feb 2003 22:20:27 -0000	1.47
+++ apt-pkg/contrib/strutl.cc	6 May 2003 23:57:51 -0000
@@ -652,7 +652,7 @@
 	 // Pull the message out
-	 string Message(Buffer,0,I-Buffer);
+	 string Message(Buffer,I-Buffer);
 	 // Fix up the buffer
 	 for (; I < End && *I == '\n'; I++);

Reply to: