You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if ((len = getSn_RX_RSR(s)) > 0)
{
if (len > DATA_BUF_SIZE) len = DATA_BUF_SIZE;
len = recv(s, (uint8_t *)http_request, len);
*(((uint8_t *)http_request) + len) = '\0';
The bug is that the variable http_request contains a pointer to receive buffer with DATA_BUF_SIZE elements.
So if len is set to DATA_BUF_SIZE then the last line would write to data which does not belong to http_request buffer.
So it's an invalid memory write in essence.
The text was updated successfully, but these errors were encountered:
Dear WizNet developers,
I think I found a code bug in file Internet/httpServer/httpServer.c at line 149 onwards:
The bug is that the variable http_request contains a pointer to receive buffer with DATA_BUF_SIZE elements.
So if len is set to DATA_BUF_SIZE then the last line would write to data which does not belong to http_request buffer.
So it's an invalid memory write in essence.
The text was updated successfully, but these errors were encountered: