From d1be61dc61c4746059b3ef48bce4d942c3382514 Mon Sep 17 00:00:00 2001 From: Nicolas Pennequin Date: Sat, 4 Aug 2007 20:26:58 +0200 Subject: [PATCH] bufgetdata: Check that the caller isn't too greedy. When the buffer wraps and we need to use the guard buffer to provide a complete chunk, there is a limit to the amount of data we can provide. It's unsafe to assume we can provide the requested amount of data. --- testplugin.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testplugin.c b/testplugin.c index 3020b2d..64457a5 100644 --- a/testplugin.c +++ b/testplugin.c @@ -637,9 +637,9 @@ ssize_t bufgetdata(int handle_id, size_t size, unsigned char **data) h->available - RINGBUF_SUB(h->ridx, h->data) >= size) { /* use the guard buffer to provide what was requested. */ - size_t copy_n = h->ridx + size - buffer_len; + size_t copy_n = MIN(h->ridx + size - buffer_len, GUARD_SIZE); rb->memcpy(guard_buffer, (unsigned char *)buffer, copy_n); - ret = size; + ret = buffer_len - h->ridx + copy_n; DEBUGF("used the guard buffer to complete\n"); } else -- 2.11.4.GIT