Joshua Rogers
Joshua Rogers
`clear_scenes()` previously cleared `artboards` before `scenes`. Since `Scene` objects are constructed from `Artboard` instances and may hold raw references back into them, this ordering risked use-after-free during `Scene` destruction. Reorder...
Previously, when overriding `argc/argv` from the window location hash, the code built temporary `std::vector` and `std::vector` on the stack, then reassigned `argv` to their `.data()`. Once the block ended, both...
if the countorLength is 0, fmodf will result in a divide by zero.
An internal GitHub redirect already exists for this, however let's make it proper.
The incorrect variable was used for scaling the y axis.
### Summary In ssl_tls13_server, `ssl_tls13_parse_key_exchange_modes_ext()` allows a zero-length value of `ke_modes` to be 0. The grammar is `PskKeyExchangeMode ke_modes`, so a zero-length list is invalid. The current code accepts 0,...
### Summary I believe there's a bug in `ssl_tls13_parse_certificate_request()` in `library/ssl_tls13_client.c`. The bug is here: https://github.com/Mbed-TLS/mbedtls/blob/b180696e941a6b21568e23af9ed16c45d8f1df97/library/ssl_tls13_client.c#L2411-L2424. `certificate_request_context_len` is used, but `handshake->certificate_request_context_len` is never set to `certificate_request_context_len` after the memcpy to...
DTLSv1_listen built the HelloVerifyRequest in wbuf but invoked msg_callback with buf and DTLS1_RT_HEADER_LENGTH, and version 0. That caused incorrect logging and could disclose the ClientHello to write callbacks. Use wbuf...
- zero the 5 prepended TLS header bytes before recvmsg to avoid stale header bytes when no TLS_GET_RECORD_TYPE cmsg is delivered - require MSG_EOR and reject MSG_CTRUNC to avoid treating...
Add !result checks for Negotiate and Bearer in Curl_http_input_auth to stop mutating auth state after a prior handler error on the same header line. This matches NTLM, Digest, and Basic...