Backported of: From c1bee7319a8b9e0d38f1988d70dc4fa5c52b83d1 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Tue, 30 Apr 2019 11:15:06 +0100 Subject: [PATCH] Avoid null pointer exception due to NULL return value from strchr. This fixes #793.
diff --git a/src/http.cpp b/src/http.cpp
index b8a429b..9c76f99 100644
--- a/src/http.cpp
+++ b/src/http.cpp
@@ -339,10 +339,14 @@ int Exiv2::http(dict_t& request,dict_t& response,std::string& errors)
 // search for the body
 for ( size_t b = 0 ; bSearching && b < lengthof(blankLines) ; b++ ) {
- if ( strstr(buffer,blankLines[b]) ) {
+ const char* blankLinePos = strstr(buffer,blankLines[b]);
+ if ( blankLinePos ) {
 bSearching = false ;
- body = (int) ( strstr(buffer,blankLines[b]) - buffer ) + strlen(blankLines[b]) ;
- status = atoi(strchr(buffer,' ')) ;
+ body = blankLinePos - buffer + strlen(blankLines[b]);
+ const char* firstSpace = strchr(buffer,' ');
+ if (firstSpace) {
+ status = atoi(firstSpace);
+ }
 }
 }
@@ -352,9 +356,19 @@ int Exiv2::http(dict_t& request,dict_t& response,std::string& errors)
 char N = '\n';
 int i = 0 ; // initial byte in buffer
 while(buffer[i] == N ) i++;
- h = strchr(h+i,N)+1;
+ h = strchr(h+i,N);
+ if (!h) {
+ status = 0;
+ break;
+ }
+ h++;
 response[""]=std::string(buffer+i).substr(0,h-buffer-2);
- result = atoi(strchr(buffer,' '));
+ const char* firstSpace = strchr(buffer,' ');
+ if ( !firstSpace ) {
+ status = 0;
+ break;
+ }
+ result = atoi(firstSpace);
 char* c = strchr(h,C);
 char* n = strchr(h,N);
 while ( c && n && c < n && h < buffer+body ) {
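Review bot: In the first hunk a response with no space leaves `status` untouched: `if (firstSpace)` is skipped, yet `bSearching` is already false and `body` is set, so processing continues with whatever `status` held before this loop (its initial value is outside the hunk). The second hunk treats the same condition as a failure with `status = 0; break;`; if 0 is the failure value here too, adding `else { status = 0; }` would make both paths reject a malformed status line. In both hunks `atoi(firstSpace)` parses response bytes with no way to report a non-numeric or out-of-range value; `strtol` with an end pointer and a 100–599 range check would be stricter. The enclosing loop and function continue outside the hunk.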
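Review bot: The `firstSpace` check in the second hunk runs after `response[""]` has already been assigned, so on that failure path the caller's `response` dict still receives the malformed first line. Moving `const char* firstSpace = strchr(buffer,' ');` and its `if ( !firstSpace )` guard above the `response[""]=...` line would leave `response` unchanged when the status line is rejected. Neither new failure branch writes anything to `errors`, so unless code outside the hunk does, a caller cannot tell a malformed response from any other zero status; a short comment such as `// malformed status line: treat as failure` on each `status = 0;` would at least record the intent. The `break` targets a loop that starts outside the hunk.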