From 9fc22b417210e4c3fa2c8bf3b005cbf74f3c4c03 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Wed, 8 Oct 2014 09:57:09 +0200 Subject: [PATCH] Fix uri array may overflow in yaz_solr_encode_request YAZ-775 --- src/solr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/solr.c b/src/solr.c index 1c11765..a8e8cd8 100644 --- a/src/solr.c +++ b/src/solr.c @@ -478,6 +478,12 @@ int yaz_solr_encode_request(Z_HTTP_Request *hreq, Z_SRW_PDU *srw_pdu, int no_parms = 20; /* safe upper limit of args without extra_args */ Z_SRW_extra_arg *ea; + if (srw_pdu->which == Z_SRW_searchRetrieve_request) + { /* to make room for facets in yaz_solr_encode_facet_list later */ + Z_SRW_searchRetrieveRequest *request = srw_pdu->u.request; + if (request->facetList) + no_parms += request->facetList->num; + } for (ea = srw_pdu->extra_args; ea; ea = ea->next) no_parms++; name = (char **) odr_malloc(encode, sizeof(*name) * no_parms); -- 1.7.10.4