Possible crash in CAtlHttpClientT


If a binary file is being downloaded using chunked Transfer-Encoding, and the binary file contains a null character, this line in ReadChunkedBody will only append some of the result_buffer to m_current, because Append with no length uses strlen, which will stop at the null. Later attempts to use m_current can cause access violations because GetBodyLength() still returns the actual download size.
if (!m_current.Append((LPCSTR)result_buffer))
    return false;
Changing it to this fixes the problem:
if ( !m_current.Append((LPCSTR)result_buffer, result_buffer.GetLength()) )
    return false;
Not a bug, but I also added this code in ReadChunkedBody just after a successful Read so that callback clients will get feedback during a chunked download.
if (m_pNavData->pfnReadStatusCallback)
{
    // Report progress to the client; a false return stops ReadChunkedBody.
    bool bRet = m_pNavData->pfnReadStatusCallback(dwReadBuffSize, m_pNavData->m_lParamRead);
    if (!bRet)
        return bRet;
}
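
The truncation described in this report, reproduced without ATL as an added example (not part of the original report and not ATL Server code). `BodyBuffer`, `AppendCStr`, `AppendBytes`, `Download` and the sample chunks are hypothetical stand-ins for `m_current`, the two `Append` forms and the decoded chunk data.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <initializer_list>
#include <string>

// Hypothetical stand-in for m_current plus the download size counter; not ATL code.
struct BodyBuffer {
    std::string data;          // bytes actually stored
    std::size_t reported = 0;  // bytes counted as downloaded (GetBodyLength() analogue)

    // Like Append(LPCSTR): the length comes from strlen, so copying stops at the first NUL.
    void AppendCStr(const char* chunk, std::size_t received) {
        data.append(chunk, std::strlen(chunk));
        reported += received;
    }
    // Like Append(LPCSTR, int): the caller passes the number of bytes received.
    void AppendBytes(const char* chunk, std::size_t received) {
        data.append(chunk, received);
        reported += received;
    }
    // Check to run before reading `reported` bytes out of `data`.
    bool Consistent() const { return data.size() == reported; }
};

// Constructed sample chunks: 8 binary bytes with NULs at offsets 3 and 7, then 4 bytes of text.
static const char kChunk1[8] = {'P', 'K', 0x03, 0x00, 'A', 'B', 'C', 0x00};
static const char kChunk2[5] = "tail";

BodyBuffer Download(bool lengthAware) {
    BodyBuffer b;
    if (lengthAware) {
        b.AppendBytes(kChunk1, sizeof kChunk1);
        b.AppendBytes(kChunk2, 4);
    } else {
        b.AppendCStr(kChunk1, sizeof kChunk1);
        b.AppendCStr(kChunk2, 4);
    }
    return b;
}

int main() {
    for (bool lengthAware : {false, true}) {
        BodyBuffer b = Download(lengthAware);
        std::printf("%s: stored=%zu reported=%zu consistent=%d\n",
                    lengthAware ? "length-aware" : "strlen", b.data.size(), b.reported,
                    b.Consistent());
    }
    return 0;
}
```

With the strlen-based append the buffer holds fewer bytes than the counter reports, which is the mismatch that later reads run into; comparing the two sizes before consuming the body catches it.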


asalamon wrote May 20, 2011 at 7:57 PM

Apparently this was reported as far back as 2002 and still hasn't been fixed:

wrote Feb 14, 2013 at 8:57 PM