diff options
| author | Wladimir J. van der Laan <[email protected]> | 2017-10-02 14:46:16 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2017-10-02 14:46:47 +0200 |
| commit | 10bee0dd4f37eb6cb7a0f1d565fa0fecf8109c35 (patch) | |
| tree | 3bbece4ac1b0adf8ce150157902c258754922502 /src/httpserver.cpp | |
| parent | Merge #11422: qa: Verify DBWrapper iterators are taking snapshots (diff) | |
| parent | Fix invalid memory access in CScript::operator+= (diff) | |
| download | discoin-10bee0dd4f37eb6cb7a0f1d565fa0fecf8109c35.tar.xz discoin-10bee0dd4f37eb6cb7a0f1d565fa0fecf8109c35.zip | |
Merge #11284: Fix invalid memory access in CScript::operator+= (guidovranken, ajtowns)
d601f16 Fix invalid memory access in CScript::operator+= (Anthony Towns)
Pull request description:
This is a fix for #11114 -- invoking "s += s" gets turned into "s.insert(s.end(), s.begin(), s.end())" which can result in an invalid memory access is s.capacity() < 2*s.size() (because s gets resized and possibly moved, so s.begin() and s.end() become invalid references when reading the values to be appended).
The fix is straightforward: reserve enough space in advance, so that insert() doesn't need to resize and thus its arguments remain valid.
A simple test case is added as well; though you probably need to run it via valgrind to actually catch the problem when it's not fixed...
Tree-SHA512: 4720d0c17463fdc43b344c45fe603423d20b30d48da1b9d85eeedc505d7f34db1ed5495ef1556459ae962a94717e3c6e8fc441763771901efea210d01322b7ef
Diffstat (limited to 'src/httpserver.cpp')
0 files changed, 0 insertions, 0 deletions