From f524630f1a5bb827e280a9ce2ef00e71df21038b Mon Sep 17 00:00:00 2001
From: Stephen Heumann
Date: Fri, 19 Apr 2019 17:34:18 -0500
Subject: [PATCH] Work around Marinetti bug 57.
This could cause Marinetti to return more data than it should, starting with valid data but then including corrupt data. The workaround I'm using is to have Marinetti return a new handle and then copy the data out of it, using the size of the handle as the true size of the data that was read. Because of details of how Marinetti works, that size is correct. This shouldn't have a major performance impact, because Marinetti would internally read data into a new handle and then copy it anyway.
---
 readtcp.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/readtcp.c b/readtcp.c
index 78918ff..ae3b2ba 100644
--- a/readtcp.c
+++ b/readtcp.c
@@ -2,7 +2,9 @@
 #include "readtcp.h"
 #include "session.h"
+#include
 #include
+#include
 #include
 #include
@@ -24,15 +26,25 @@ ReadStatus TryReadTCP(Session *sess) {
 rrBuff rrBuff;
 TCPIPPoll();
- sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypePointer, (Ref)sess->readPtr,
+ sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypeNewHandle, NULL,
 sess->readCount, &rrBuff);
 sess->toolerr = toolerror();
 if (sess->tcperr || sess->toolerr) {
 return rsError;
 }
- sess->readCount -= rrBuff.rrBuffCount;
- sess->readPtr += rrBuff.rrBuffCount;
+ if (rrBuff.rrBuffCount != 0) {
+ /* Work around Marinetti bug #57 */
+ rrBuff.rrBuffCount = GetHandleSize(rrBuff.rrBuffHandle);
+
+ HLock(rrBuff.rrBuffHandle);
+ memcpy(sess->readPtr, *rrBuff.rrBuffHandle, rrBuff.rrBuffCount);
+ DisposeHandle(rrBuff.rrBuffHandle);
+
+ sess->readCount -= rrBuff.rrBuffCount;
+ sess->readPtr += rrBuff.rrBuffCount;
+ }
+
 if (sess->readCount == 0) {
 return rsDone;
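Review bot: The `memcpy` into `sess->readPtr` in the second hunk takes its length from `GetHandleSize` without comparing it to `sess->readCount`, the byte count requested from `TCPIPReadTCP` and presumably the space left in the destination buffer. The commit message relies on Marinetti internals for that size being correct, but this is data read from the network through a layer already known to misreport lengths. A handle larger than the request would write past the buffer, and `sess->readCount -= rrBuff.rrBuffCount` would wrap if the field is unsigned, so the `readCount == 0` test would no longer end the read. I would add, directly after the `GetHandleSize` call, `if (rrBuff.rrBuffCount > sess->readCount) { DisposeHandle(rrBuff.rrBuffHandle); return rsError; }`. Separately, confirm that no handle is returned when `rrBuffCount` is 0, since that path skips `DisposeHandle`; the function body continues past the end of the hunk.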