
[bug-cgicc] Bug Submission


From: Jeremy Dickman
Subject: [bug-cgicc] Bug Submission
Date: Mon, 20 Nov 2006 13:36:16 -0000

Sir / Madam

 

I believe I have come across a bug in cgicc-3.2.3.

 

In file CgiEnvironment.cpp, lines 77, 81 & 85, there is some code using &data[0] where data was previously defined as a vector of chars, whose size is initialised with getContentLength(). If that function returns 0 then the code at lines 77, 81 & 85 crashes because it’s trying to reference item 0 of the vector when the vector itself is empty.

 

Thus, when getContentLength() returns 0, these lines (indicated in red below) cause a crash:

 

    // Don't use auto_ptr, but vector instead
    // Bug reported by address@hidden
    std::vector<char> data(getContentLength());

    // If input is 0, use the default implementation of CgiInput
    if(input == 0) {
      if(local_input.read(&data[0],getContentLength()) != getContentLength())   // <-- *** Crash!
        throw std::runtime_error("I/O error");
    }
    else {
      if(input->read(&data[0], getContentLength()) != getContentLength())   // <-- *** Crash!
        throw std::runtime_error("I/O error");
    }

    fPostData = std::string(&data[0], getContentLength());   // <-- *** Crash!

 

 

This crash occurred on my Windows system. I had a web page that called “submit” on my CGI script programmatically, without sending any form data. Thus, the CGI content was empty, which explains why getContentLength returned 0.

 

Hope this helps?

 

By the way, cgicc is an excellent package and I’ve found it very useful and easy to use. Keep up the good work.

 

Regards

 

Jeremy C Dickman
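
The zero-length case reported above, handled safely in an added example that is not part of the original message and is not cgicc's own code. The helper name `readPostData`, its `maxLength` parameter with a 1 MiB default, and the use of `std::istream` in place of cgicc's `CgiInput` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <istream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical helper (not part of cgicc): read exactly `length` bytes of
// POST data from `in`, treating an empty body as a valid request.
std::string readPostData(std::istream& in, std::size_t length,
                         std::size_t maxLength = 1 << 20) {
  // An empty body is legal (a form submitted with no data), so return
  // before any buffer element is referenced.
  if (length == 0)
    return std::string();

  // The content length is supplied by the client, so bound the allocation.
  // The 1 MiB default is an assumed limit, not a cgicc setting.
  if (length > maxLength)
    throw std::length_error("POST body exceeds configured limit");

  std::vector<char> data(length);

  // data.data() is valid for any vector, while &data[0] is undefined
  // behaviour when the vector is empty.
  in.read(data.data(), static_cast<std::streamsize>(length));
  if (static_cast<std::size_t>(in.gcount()) != length)
    throw std::runtime_error("I/O error");  // short read

  return std::string(data.data(), length);
}

int main() {
  std::istringstream empty("");           // constructed input: no form data
  std::istringstream form("name=value");  // constructed input: 10-byte body
  bool ok = readPostData(empty, 0).empty() &&
            readPostData(form, 10) == "name=value";
  return ok ? 0 : 1;
}
```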

 

