]> git.ipfire.org Git - thirdparty/tor.git/commit
projects / thirdparty / tor.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 39ac1db) | patch
Don't run off the end of the array-of-freelists
authorNick Mathewson <nickm@torproject.org>
Wed, 8 May 2013 16:04:18 +0000 (12:04 -0400)
committerNick Mathewson <nickm@torproject.org>
Thu, 9 May 2013 17:10:48 +0000 (13:10 -0400)
commit00e2310f12dfb91aca2949463b57bd6937f19166
tree5ea0e332e40d233d798f17e48f18aceb4ebc4de6tree | snapshot
parent39ac1db60e8b920e1e6b07e08f7f3343960ece79commit | diff
Don't run off the end of the array-of-freelists

This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
changes/bug8844 [new file with mode: 0644] blob
src/or/buffers.c diff | blob | blame | history
src/test/test.c diff | blob | blame | history
Mirror of https://git.torproject.org/tor.git