[zeromq-dev] crash in send_unsubscription
Martin Hurton
hurtonm at gmail.com
Thu Apr 11 23:18:50 CEST 2013
Hi Katerina,
> Has anybody else seen this and is this a bug that should be fixed? The data
> is NULL and size_ is 0.
Just curious, what OS and C library are you using?
> void zmq::xpub_t::send_unsubscription (unsigned char *data_, size_t size_,
>
> void *arg_)
>
> {
>
> xpub_t *self = (xpub_t*) arg_;
>
>
>
> if (self->options.type != ZMQ_PUB) {
>
>
>
> // Place the unsubscription to the queue of pending
> (un)sunscriptions
>
> // to be retrived by the user later on.
>
> blob_t unsub (size_ + 1, 0);
>
> unsub [0] = 0;
>
> if (size_ > 0) <ß-- Added check to prevent crash
>
> memcpy (&unsub [1], data_, size_); <ß---------------
>
> self->pending.push_back (unsub);
>
> }
>
> }
>
I think we should check for NULL pointers even when n is zero.
Could you please create a pull request so we can merge this? Thanks.
- Martin
More information about the zeromq-dev
mailing list