Mon, 27 Feb 2017 17:25:36 +0100
fixes integer overflow in ucx_buffer_extract
--- a/ucx/buffer.c Mon Feb 27 11:45:31 2017 +0100
+++ b/ucx/buffer.c Mon Feb 27 17:25:36 2017 +0100
@@ -64,8 +64,9 @@
 UcxBuffer* ucx_buffer_extract(
 UcxBuffer *src, size_t start, size_t length, int flags) {
-
- if (src->size == 0 || length == 0 || start+length > src->capacity) {
+ if (src->size == 0 || length == 0 ||
+ ((size_t)-1) - start < length || start+length > src->capacity)
+ {
 return NULL;
 }
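Review bot: The new guard in ucx_buffer_extract is correct, but it splits one range check across two clauses and relies on the `((size_t)-1)` idiom. The subtraction form `start > src->capacity || length > src->capacity - start` cannot wrap and needs no maximum-value constant. If the two-clause form stays, `SIZE_MAX` from `<stdint.h>` reads more clearly, and a short comment such as `/* reject start+length that would wrap around size_t */` would keep a later cleanup from dropping the clause. Separately, the range is bounded by `src->capacity` while the emptiness test uses `src->size`. The rest of the body is outside this hunk, so it is worth confirming that an extract reaching past `size` cannot hand back bytes that were never written.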