Namazu-users-en(old)



Re: Access Violation on nmz_get_field_data



NOKUBI Takatsugu wrote:

> Your suspicion is roughly right, but not for the field name. According to nmz/field.c, nmz_get_field_data is defined like the following:
> 
>     void
>     nmz_get_field_data(int idxid, int docid, const char *field, char *data)
> 
> So you can use a constant string as the field argument. I maintain the
> Search::Namazu perl module and it also uses a constant string.
> You can see it via ViewCVS:
> http://cvs.namazu.org/Search-Namazu/Namazu.xs?rev=1.18&content-type=text/vnd.viewcvs-markup
> 
> Sorry for the lack of documents about the library. I need more description
> about it but I have my hands full...


Understood. Thanks for the information. I believe the issue is in nmz/field.c around line 182:


    if (idxid == fc[i].idxid && docid == fc[i].docid &&
        strcmp(tmpfield, fc[i].field) == 0)
    { /* cache hit! */
        nmz_debug_printf("field cache [%s] hit!\n", tmpfield);
        strncpy(data, fc[i].data, BUFSIZE - 1); /* data length should be BUFSIZE - 1 */
        return;
    }


The strncpy statement implies that data is of size BUFSIZE (which I believe was a buffer overflow fix). If data is less than that (which was my case), then it will be overwritten by 0's, but only if there is a cache hit, like in the second search (which was my case).

I can't think of a good fix that does not involve passing the size of data as a function parameter. Maybe somebody else can. For now, I will just make data[BUFSIZE]. =)

	-Carlos
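The behaviour Carlos describes (strncpy zero-padding the whole BUFSIZE - 1 range on a cache hit, so a smaller caller buffer gets written past its end) and the fix he suggests (passing the size of data as a parameter) are shown side by side in the following added example. It is not Namazu code: the cache layout, the BUFSIZE value, the sample entries and the function names unsafe_get_field_data and safe_get_field_data are all constructed here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the field cache in nmz/field.c; the real entry
 * layout and the real BUFSIZE value are not on the page and are assumed. */
#define BUFSIZE 1024

struct field_cache_entry {
    int idxid;
    int docid;
    char field[32];
    char data[BUFSIZE];
};

/* Constructed sample cache contents. */
static struct field_cache_entry fc[] = {
    { 0, 1, "title", "Re: Access Violation on nmz_get_field_data" },
    { 0, 2, "title", "Search::Namazu question" },
};
static const size_t fc_count = sizeof fc / sizeof fc[0];

/* Mirrors the quoted cache-hit path: strncpy with n = BUFSIZE - 1 copies the
 * string and then fills the rest of those n bytes with '\0', so exactly
 * BUFSIZE - 1 bytes of `data` are written on every hit, whatever the length
 * of the cached value.  `data` therefore has to be at least BUFSIZE bytes.
 * Returns 1 on a hit, 0 on a miss. */
static int unsafe_get_field_data(int idxid, int docid, const char *field, char *data)
{
    for (size_t i = 0; i < fc_count; i++) {
        if (idxid == fc[i].idxid && docid == fc[i].docid &&
            strcmp(field, fc[i].field) == 0) {
            strncpy(data, fc[i].data, BUFSIZE - 1);
            return 1;
        }
    }
    return 0;
}

/* Hardened variant (the fix Carlos proposes): the caller passes the size of
 * `data`.  At most datalen - 1 bytes are copied and the result is always
 * NUL-terminated.  Returns the full length of the cached value so the caller
 * can detect truncation (return value >= datalen), or -1 on a miss. */
static long safe_get_field_data(int idxid, int docid, const char *field,
                                char *data, size_t datalen)
{
    if (datalen == 0)
        return -1;
    for (size_t i = 0; i < fc_count; i++) {
        if (idxid == fc[i].idxid && docid == fc[i].docid &&
            strcmp(field, fc[i].field) == 0) {
            size_t full = strlen(fc[i].data);
            size_t copy = full < datalen - 1 ? full : datalen - 1;
            memcpy(data, fc[i].data, copy);
            data[copy] = '\0';
            return (long)full;
        }
    }
    data[0] = '\0';
    return -1;
}

/* Demonstrates the padding: fill a BUFSIZE buffer with 'X', perform one cache
 * hit and count the bytes beyond the value that became '\0'.  The result is
 * BUFSIZE - 1 - strlen(value); only data[BUFSIZE - 1] keeps its 'X'.  With a
 * caller buffer smaller than BUFSIZE those same writes land past its end. */
static size_t zeroed_bytes_after_hit(void)
{
    char data[BUFSIZE];
    memset(data, 'X', sizeof data);
    if (!unsafe_get_field_data(0, 1, "title", data))
        return 0;
    size_t zeros = 0;
    for (size_t i = strlen(data); i < sizeof data; i++)
        if (data[i] == '\0')
            zeros++;
    return zeros;
}

int main(void)
{
    char small[16];
    long need = safe_get_field_data(0, 1, "title", small, sizeof small);
    printf("cache hit zeroed %zu bytes beyond the value\n", zeroed_bytes_after_hit());
    printf("bounded copy: \"%s\" (value needs %ld bytes, buffer holds %zu)\n",
           small, need + 1, sizeof small);
    return 0;
}
```

The safe variant deliberately returns the full length rather than a bare success flag: a caller that sees a return value at or above its buffer size knows the value was truncated and can retry with a larger buffer, which a void function with a fixed BUFSIZE contract cannot express.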