
msgpack_unpack_init() overruns for small messages #3

Open
GoogleCodeExporter opened this issue Apr 2, 2015 · 1 comment
@GoogleCodeExporter

Using msgpack_unpack_init() for a buffer smaller than 16 bytes has a couple of problems.

- It always reads at least 16 bytes from 'data', even if n < 16, which could cause a segv if the placement of the source buffer is unfortunate.

- It always sets m->end to at least 16 bytes past m->p, which means that later calls to msgpack_unpack_len() do not return the expected value. (In my case, I'm checking for unexpected extra data in the buffer by testing whether msgpack_unpack_len() == 0 after I've unpacked everything I expect; for short messages, this test spuriously fails.)

I think the right fix is just to remove the line "if ( n < 16 ) n = 16;" from the function, which looks like a copy-and-paste-o from msgpack_pack_init() --- I can't see any benefit to having it in the unpack function.

This is in msgpackalt-0.5.

Original issue reported on code.google.com by wiml@omnigroup.com on 26 Nov 2013 at 1:46
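The two effects the report describes, shown with an added stand-in unpacker that is not part of the issue and not msgpackalt's own code. Only the field names `p` and `end`, the function names `msgpack_unpack_init()` / `msgpack_unpack_len()` and the clamp `if ( n < 16 ) n = 16;` come from the report; the struct layout, the one-byte fixint decoder and the `leftover_after_decode()` / `extra_read_status()` helpers are hypothetical. A 3-byte constructed message is placed at the front of a larger buffer padded with 0xff, so the clamped `end` pointer stays inside the allocation while still pointing 13 bytes past the real message:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the unpacker state; the report names m->p and m->end. */
typedef struct {
    const uint8_t *p;    /* next unread byte */
    const uint8_t *end;  /* one past the last byte the unpacker may read */
} unpacker_t;

/* Behaviour the report describes: the minimum-16 clamp copied from the pack side. */
static void unpack_init_clamped(unpacker_t *m, const void *data, size_t n) {
    if (n < 16) n = 16;              /* the line the report proposes removing */
    m->p = (const uint8_t *)data;
    m->end = m->p + n;
}

/* Corrected form: the caller's length is the only bound the unpacker has. */
static void unpack_init_fixed(unpacker_t *m, const void *data, size_t n) {
    m->p = (const uint8_t *)data;
    m->end = m->p + n;
}

/* Bytes the unpacker believes are still unread. */
static size_t unpack_len(const unpacker_t *m) {
    return (size_t)(m->end - m->p);
}

/* Toy decoder for a msgpack positive fixint (0x00..0x7f, one byte each).
 * It is bounds-checked against m->end, so m->end being wrong is the whole
 * problem: an over-long end lets it read padding as if it were payload.
 * Returns 0 on success, -1 when no data is left, -2 on an unexpected byte. */
static int unpack_fixint(unpacker_t *m, int *out) {
    if (m->p >= m->end) return -1;
    if (*m->p > 0x7f) return -2;
    *out = *m->p++;
    return 0;
}

typedef void (*init_fn)(unpacker_t *, const void *, size_t);

/* Constructed sample: 3 fixints followed by 29 bytes of 0xff padding, standing
 * in for whatever happens to sit in memory after a short message. */
#define MSG_LEN 3
static void fill_sample(uint8_t buf[32]) {
    memset(buf, 0xff, 32);
    buf[0] = 0x01; buf[1] = 0x02; buf[2] = 0x03;
}

/* Decode the 3 expected values, then return unpack_len(): the "no extra data"
 * check from the report. Correct init leaves 0; the clamped init leaves 13. */
static size_t leftover_after_decode(init_fn init) {
    uint8_t buf[32];
    unpacker_t m;
    int v;
    fill_sample(buf);
    init(&m, buf, MSG_LEN);
    for (int i = 0; i < MSG_LEN; i++) {
        if (unpack_fixint(&m, &v) != 0) return (size_t)-1;
    }
    return unpack_len(&m);
}

/* Status of a fourth read past the real message: the fixed init reports
 * "no data" (-1); the clamped init reads the 0xff padding and returns -2. */
static int extra_read_status(init_fn init) {
    uint8_t buf[32];
    unpacker_t m;
    int v;
    fill_sample(buf);
    init(&m, buf, MSG_LEN);
    for (int i = 0; i < MSG_LEN; i++) unpack_fixint(&m, &v);
    return unpack_fixint(&m, &v);
}

int main(void) {
    printf("clamped init: leftover=%zu, extra read status=%d\n",
           leftover_after_decode(unpack_init_clamped), extra_read_status(unpack_init_clamped));
    printf("fixed init:   leftover=%zu, extra read status=%d\n",
           leftover_after_decode(unpack_init_fixed), extra_read_status(unpack_init_fixed));
    return 0;
}
```

With the clamp in place every bounds check inside the decoder is honest yet useless, because `end` itself lies about the buffer; the report's second symptom (a non-zero `msgpack_unpack_len()` after a fully consumed short message) is the observable trace of the first (reads past the caller's `n`).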

@GoogleCodeExporter (Author)

Pull request: I've committed a fix to my clone of the msgpackalt repository, http://code.google.com/r/wiml-msgpackalt/ , changeset d9632da5ed10 and parent.

Original comment by wiml@omnigroup.com on 2 Apr 2014 at 12:42

