On 04 Oct 2015, at 11:22, Holger Hans Peter Freyther holger@freyther.de wrote:
    uint8_t allocated_cid;
    ...
    -   endp->osmux.allocated_cid = -1;
that doesn't mix too well. This means I assigned 255 to the value and then we have the next funny business in:
    char osmux_extension[strlen("X-Osmux: 255")];

    buf[0] = buf[39] = '\0';
    ret = sscanf(tok, "%*s %s", buf);
    if (ret != 1) {
        LOGP(DMGCP, LOGL_ERROR, "Failed to find Endpoint in: %s\n", tok);
        return;
    }

    if (osmux_cid >= 0)
        sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid);
1.) osmux_extension doesn't account for the \n
2.) osmux_extension doesn't account for the \0 at the end of the string
3.) we use '%u' so nothing in this method checks if this is a uint8_t.

I will increase the buffer a bit. This would have started to crash on triple-digit osmux CIDs (so on setup of the 101st call).
holger
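The sizing mistake above, worked through as an added example (not code from the mail or from the osmo-bsc_mgcp source; the function names and the OSMUX_EXT_* macros are hypothetical): the buffer is sized with sizeof() of the longest literal so the '\n' and the terminating '\0' are counted, the CID is range-checked before formatting so the -1 sentinel can never be printed, and snprintf() reports an undersized buffer instead of overflowing it.

```c
/* Added example, not from the original mail: sizing the X-Osmux
 * extension buffer correctly and validating the CID before formatting.
 * Function and macro names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Bytes needed for the longest possible extension, including the
 * leading '\n' and the terminating '\0'. sizeof() of a string literal
 * counts the NUL, which strlen() does not. */
#define OSMUX_EXT_MAX   sizeof("\nX-Osmux: 255")   /* 14 */

/* The size the original declaration produced: strlen("X-Osmux: 255") is
 * 12, two bytes short of what sprintf() writes for a three-digit CID. */
#define OSMUX_EXT_SHORT strlen("X-Osmux: 255")

/* Format "\nX-Osmux: <cid>" into out. Returns the number of characters
 * written (excluding the NUL), or -1 if cid is outside the 8-bit range
 * or the buffer is too small. */
int format_osmux_extension(char *out, size_t outlen, int osmux_cid)
{
	int n;

	/* -1 marks "unallocated" in the original code; it cannot be stored
	 * in a uint8_t, and no valid CID exceeds 255, so reject both. */
	if (osmux_cid < 0 || osmux_cid > UINT8_MAX)
		return -1;

	n = snprintf(out, outlen, "\nX-Osmux: %u", (unsigned int)osmux_cid);
	if (n < 0 || (size_t)n >= outlen)
		return -1;	/* truncated: the caller's buffer is too small */
	return n;
}

/* Bytes (including the NUL) a given CID needs; 0 if the CID is invalid. */
size_t osmux_extension_bytes_needed(int osmux_cid)
{
	char tmp[OSMUX_EXT_MAX];
	int n = format_osmux_extension(tmp, sizeof(tmp), osmux_cid);

	return n < 0 ? 0 : (size_t)n + 1;
}
```

For CID 255 the extension needs 14 bytes, while the original strlen()-sized array holds 12; the 101st call is the first with a three-digit CID and thus the first to overrun.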