BUG/MINOR: protocol_buffer: Wrong maximum shifting.

This patch fixes a bad stop condition when decoding a protocol buffer variable integer
whose maximum lenghts are 10, shifting a uint64_t value by more than 63.

Thank you to Ilya for having reported this issue.

Must be backported to 2.1 and 2.0.

diff --git a/include/proto/protocol_buffers.h b/include/proto/protocol_buffers.h
index 69f0bdf81639a23e7a3b599ed4e096368a7f175e..0426d83d2cc94ab5147c537e77f14479db7b76e3 100644 (file)
--- a/include/proto/protocol_buffers.h
+++ b/include/proto/protocol_buffers.h
@@ -158,7 +158,7 @@ protobuf_varint(uint64_t *val, unsigned char *pos, size_t len)
 
                shift += 7;
                /* The maximum length in bytes of a 64-bit encoded value is 10. */
-               if (shift > 70)
+               if (shift > 63)
                        return 0;
        }
 
@@ -194,7 +194,7 @@ protobuf_decode_varint(uint64_t *val, unsigned char **pos, size_t *len)
 
                shift += 7;
                /* The maximum length in bytes of a 64-bit encoded value is 10. */
-               if (shift > 70)
+               if (shift > 63)
                        return 0;
        }
 
@@ -227,7 +227,7 @@ protobuf_skip_varint(unsigned char **pos, size_t *len, size_t vlen)
 
                shift += 7;
                /* The maximum length in bytes of a 64-bit encoded value is 10. */
-               if (shift > 70)
+               if (shift > 63)
                        return 0;
        }
 
@@ -263,7 +263,7 @@ protobuf_varint_getlen(unsigned char *pos, size_t len)
 
                shift += 7;
                /* The maximum length in bytes of a 64-bit encoded value is 10. */
-               if (shift > 70)
+               if (shift > 63)
                        return -1;
        }