DC++

crash if seeker.size() < 4

Bug #1309390 reported by pavel pimenov on 2014-04-18

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	DC++	Fix Released	Critical	Unassigned

Bug Description

FlylinkDC++ r5xx ~230 crash if seeker.size() < 4

http://yadi.sk/d/WtdtH7BGMhYsP - seeker = ":0" !

Crash dump:
https://crash-server.com/Problem.aspx?ClientID=ppa&ProblemID=64297
https://crash-server.com/Problem.aspx?ClientID=ppa&ProblemID=63507

hot fix for original DC++:

diff -r f0b0e8d11291 dcpp/NmdcHub.cpp
--- a/dcpp/NmdcHub.cpp Thu Apr 17 12:46:07 2014 +0300
+++ b/dcpp/NmdcHub.cpp Fri Apr 18 12:03:48 2014 +0400
@@ -262,7 +262,8 @@
                        }
                } else {
                        // Hub:seeker
- if(Util::stricmp(seeker.c_str() + 4, getMyNick().c_str()) == 0) {
+ if(seeker.size() > 4 &&
+ Util::stricmp(seeker.c_str() + 4, getMyNick().c_str()) == 0) {
                                return;
                        }
                }

Revision history for this message

poy (poy) wrote on 2014-04-27:

simple test-case: send "$Search S |".

Revision history for this message

poy (poy) wrote on 2014-04-27:

fixed in rev 1d751b2467b5 of the default branch and rev 979b99db8008 of the 0.840 branch.

Changed in dcplusplus:
importance:	Undecided → Critical
status:	New → Fix Committed

Revision history for this message

eMTee (realprogger) wrote on 2014-05-02:

Fixed in DC++ 0.843.

Changed in dcplusplus:
status:	Fix Committed → Fix Released

eMTee (realprogger) on 2021-11-18

information type:

Private Security → Public

cologic (cologic) on 2021-11-18

information type:

Public → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.