Commit fe39c7da by Nils Goroll

Specifically check if the backref'ed substring lives on the workspaces

Because we don't copy the subject's terminating null byte, we can't use
strlen().

Fixes #4
parent 103dcc71
......@@ -217,7 +217,6 @@ backref(VRT_CTX, VCL_INT refnum, VCL_STRING fallback, struct vmod_priv *task)
WS_Assert_Allocated(ctx->ws, task->priv, sizeof(*ov));
CAST_OBJ(ov, task->priv, OV_MAGIC);
WS_Assert_Allocated(ctx->ws, ov->subject, strlen(ov->subject));
refnum <<= 1;
assert(refnum + 1 < MAX_OV_USED);
......@@ -225,7 +224,8 @@ backref(VRT_CTX, VCL_INT refnum, VCL_STRING fallback, struct vmod_priv *task)
return fallback;
len = ov->ovector[refnum+1] - ov->ovector[refnum];
assert(len <= strlen(ov->subject + ov->ovector[refnum]));
assert(len <= ov->ovector[1] - ov->ovector[0]);
WS_Assert_Allocated(ctx->ws, ov->subject + ov->ovector[refnum], len);
substr = WS_Printf(ctx->ws, "%.*s", len,
ov->subject + ov->ovector[refnum]);
if (substr == NULL) {
......
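Review bot: The new `assert(len <= ov->ovector[1] - ov->ovector[0]);` in the second hunk is not an invariant if these offsets come from a PCRE match, because a group captured inside a lookahead can end past the overall match, so a valid regex could trip the assert on request-derived subjects. The `WS_Assert_Allocated(ctx->ws, ov->subject + ov->ovector[refnum], len);` line that follows already checks the property the commit message describes, so I would drop the whole-match comparison rather than keep both. Separately, nothing visible here rules out a negative `len`: with `%.*s` a negative precision is treated as omitted, and since the subject is stored without its terminating NUL that would turn into an unbounded read. Adding `assert(len >= 0);` before the `WS_Printf` call is worthwhile unless an earlier check outside the hunk already guarantees it. backref's body starts and ends outside both hunks.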