From feabec39027d83cea734d9aa40c4ab5f0f4770e4 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 6 Aug 2008 14:37:09 +0000 Subject: [PATCH] * modules/ssl/ssl_engine_io.c (char_buffer_read): Use memmove in place of memcpy since the buffers can overlap; add explanatory comment. PR: 45444 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@683280 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_io.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 6997a9de43..2554edddca 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -336,6 +336,13 @@ typedef struct { * this char_buffer api might seem silly, but we don't need to copy * any of this data and we need to remember the length. */ + +/* Copy up to INL bytes from the char_buffer BUFFER into IN. Note + * that due to the strange way this API is designed/used, the + * char_buffer object is used to cache a segment of inctx->buffer, and + * then this function called to copy (part of) that segment to the + * beginning of inctx->buffer. So the segments to copy cannot be + * presumed to be non-overlapping, and memmove must be used. */ static int char_buffer_read(char_buffer_t *buffer, char *in, int inl) { if (!buffer->length) { @@ -344,13 +351,13 @@ static int char_buffer_read(char_buffer_t *buffer, char *in, int inl) if (buffer->length > inl) { /* we have have enough to fill the caller's buffer */ - memcpy(in, buffer->value, inl); + memmove(in, buffer->value, inl); buffer->value += inl; buffer->length -= inl; } else { /* swallow remainder of the buffer */ - memcpy(in, buffer->value, buffer->length); + memmove(in, buffer->value, buffer->length); inl = buffer->length; buffer->value = NULL; buffer->length = 0; -- 2.40.0