Details
- Bug
- Resolution: Fixed
- Minor
- 2.0-beta
- Security Level: Public
- None
Description
From looking at the code producing one of the entries in the log, I spotted the following piece of code:
session_stats.open(fname.c_str(), ios::binary);
session_stats.seekg (0, ios::end);
int flen = session_stats.tellg();
session_stats.seekg (0, ios::beg);
buffer = new char[flen];
session_stats.read(buffer, flen);
tellg will return -1 if an error occurs, causing us to try to allocate a lot of memory. In addition, we should probably check the number of bytes read and verify that the last byte we read is a zero termination of the string; otherwise the next line of code will cause us to access data outside the allocated area:
cJSON *json_obj = cJSON_Parse(buffer);
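As an added illustration of the checks the report asks for (this is not code from the project or the reporter), a C++ read routine that fails on a tellg() error, bounds the size, verifies the byte count and NUL-terminates the buffer before it is handed to a parser. cJSON is not linked here, so the parse call is left as a comment; the file name and contents are constructed.

```cpp
#include <cstdio>
#include <fstream>
#include <ios>
#include <string>
#include <vector>

// Reads a whole file into a NUL-terminated buffer. Returns false (and an
// empty buffer) on any failure instead of trusting tellg()/read() blindly.
// max_len is a constructed upper bound for this example.
bool read_file_for_json(const std::string& fname, std::vector<char>& out,
                        std::streamsize max_len = 16 * 1024 * 1024) {
    out.clear();
    std::ifstream in(fname, std::ios::binary);
    if (!in) return false;                                // open failed
    in.seekg(0, std::ios::end);
    std::streampos end = in.tellg();
    if (end == std::streampos(-1)) return false;          // tellg() error: original code would do new char[-1]
    std::streamsize flen = static_cast<std::streamsize>(end);
    if (flen < 0 || flen > max_len) return false;         // refuse absurd sizes
    in.seekg(0, std::ios::beg);
    out.resize(static_cast<size_t>(flen) + 1);            // +1 for the terminator cJSON_Parse expects
    in.read(out.data(), flen);
    if (in.gcount() != flen) { out.clear(); return false; } // short read
    out[static_cast<size_t>(flen)] = '\0';
    return true;
}

// Demonstration helper: writes constructed content to a temporary file, reads
// it back through the hardened routine and returns the content length
// (excluding the terminator), or -1 on failure.
long roundtrip_length(const std::string& content) {
    const std::string path = "hardened_read_demo.tmp";   // constructed file name
    { std::ofstream o(path, std::ios::binary); o << content; }
    std::vector<char> buf;
    bool ok = read_file_for_json(path, buf);
    std::remove(path.c_str());
    if (!ok) return -1;
    // cJSON *json_obj = cJSON_Parse(buf.data());  // safe now: buf is NUL-terminated
    return static_cast<long>(buf.size()) - 1;
}
```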