Mon, 27 Feb 2017 17:25:36 +0100
fixes integer overflow in ucx_buffer_extract
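--- a/ucx/buffer.c Mon Feb 27 11:45:31 2017 +0100
+++ b/ucx/buffer.c Mon Feb 27 17:25:36 2017 +0100
@@ -64,8 +64,9 @@
 
 UcxBuffer* ucx_buffer_extract(
 UcxBuffer *src, size_t start, size_t length, int flags) {
-
- if (src->size == 0 || length == 0 || start+length > src->capacity) {
+ if (src->size == 0 || length == 0 ||
+ ((size_t)-1) - start < length || start+length > src->capacity)
+ {
 return NULL;
 }
 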
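Review bot: The added wraparound test `((size_t)-1) - start < length` is correct, but together with `start+length > src->capacity` it takes two comparisons and a magic constant to express what one subtraction-based test says with no addition that can wrap: `start > src->capacity || length > src->capacity - start`. Whichever form is kept, a short comment such as `/* reject start+length wrapping around before the bounds test */` would tell the next reader that this condition is what keeps the extracted range inside the source allocation. The bound is `src->capacity` rather than `src->size`, so a range beyond the written data but inside the allocation is still accepted. If that is intended it deserves a note, since those bytes may never have been initialised. The rest of ucx_buffer_extract lies outside the hunk, so how the range is used afterwards cannot be checked from here.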