[PATCH 1/1] SECURITY: fixed fix to buffer handling
Ian Jackson
ijackson at chiark.greenend.org.uk
Mon Sep 22 16:49:45 BST 2014
From: Simon Tatham <anakin at pobox.com>
The implementation of buf_remaining_space in 92795040 was entirely
broken. It failed to take buf->size into account at all !
Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>
---
util.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util.h b/util.h
index 29b68e7..5866e57 100644
--- a/util.h
+++ b/util.h
@@ -31,7 +31,7 @@ extern void *buf_unprepend(struct buffer_if *buf, int32_t amount);
static inline int32_t buf_remaining_space(const struct buffer_if *buf)
{
- return (buf->base + buf->alloclen) - buf->start;
+ return (buf->base + buf->alloclen) - (buf->start + buf->size);
}
extern void buffer_readonly_view(struct buffer_if *n, const void*, int32_t len);
--
1.7.10.4
More information about the sgo-software-discuss
mailing list