fixes integer overflow in ucx_buffer_extract

Mon, 27 Feb 2017 17:25:36 +0100

author: Olaf Wintermann <olaf.wintermann@gmail.com>
date: Mon, 27 Feb 2017 17:25:36 +0100
changeset 239: 1634c3ea89da
parent 238: 27b31c2c959c
child 240: 8f937a3a6d11

fixes integer overflow in ucx_buffer_extract

--- a/ucx/buffer.c	Mon Feb 27 11:45:31 2017 +0100
+++ b/ucx/buffer.c	Mon Feb 27 17:25:36 2017 +0100
@@ -64,8 +64,9 @@
 
 UcxBuffer* ucx_buffer_extract(
         UcxBuffer *src, size_t start, size_t length, int flags) {
-    
-    if (src->size == 0 || length == 0 || start+length > src->capacity) {
+    if (src->size == 0 || length == 0 ||
+        ((size_t)-1) - start < length || start+length > src->capacity)
+    {
         return NULL;
     }
 
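Review bot: In the new condition, the pair `((size_t)-1) - start < length || start+length > src->capacity` can be written as one subtraction-only test that never forms the sum, `start > src->capacity || length > src->capacity - start`, which rejects the same inputs and leaves no expression that can wrap. If the two-step form stays, `SIZE_MAX` from `<stdint.h>` states the intent more plainly than `((size_t)-1)`, and a one-line comment saying the first comparison exists to catch wrap-around of `start+length` would stop a later cleanup from dropping it as redundant. The range is still bounded by `src->capacity` while the early exit tests `src->size == 0`; please confirm that extracting bytes between `size` and `capacity` is intended. A regression test calling `ucx_buffer_extract` with a `start` near the maximum `size_t` value and a small non-zero `length`, expecting `NULL`, would pin the fix.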
