From: Christopher Faulet Date: Mon, 14 Oct 2019 09:29:48 +0000 (+0200) Subject: BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data X-Git-Tag: v2.1-dev3~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48fa033f2809af265c230a7c7cf86413b7f9909b;p=thirdparty%2Fhaproxy.git BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data When raw data are copied or appended in a chunk, the result must not exceed the chunk size but it can reach it. Unlike functions to copy or append a string, there is no terminating null byte. This patch must be backported as far as 1.8. Note in 1.8, the functions chunk_cpy() and chunk_cat() don't exist. --- diff --git a/include/common/chunk.h b/include/common/chunk.h index a1a3eb779b..18abca7bdd 100644 --- a/include/common/chunk.h +++ b/include/common/chunk.h @@ -98,7 +98,7 @@ static inline void chunk_initstr(struct buffer *chk, const char *str) /* copies chunk into . Returns 0 in case of failure. */ static inline int chunk_cpy(struct buffer *chk, const struct buffer *src) { - if (unlikely(src->data >= chk->size)) + if (unlikely(src->data > chk->size)) return 0; chk->data = src->data; @@ -109,7 +109,7 @@ static inline int chunk_cpy(struct buffer *chk, const struct buffer *src) /* appends chunk after . Returns 0 in case of failure. */ static inline int chunk_cat(struct buffer *chk, const struct buffer *src) { - if (unlikely(chk->data + src->data >= chk->size)) + if (unlikely(chk->data + src->data > chk->size)) return 0; memcpy(chk->area + chk->data, src->area, src->data); @@ -123,7 +123,7 @@ static inline int chunk_cat(struct buffer *chk, const struct buffer *src) static inline int chunk_memcpy(struct buffer *chk, const char *src, size_t len) { - if (unlikely(len >= chk->size)) + if (unlikely(len > chk->size)) return 0; chk->data = len; @@ -138,7 +138,7 @@ static inline int chunk_memcpy(struct buffer *chk, const char *src, static inline int chunk_memcat(struct buffer *chk, const char *src, size_t len) { - if (unlikely(chk->data + len >= chk->size)) + if (unlikely(chk->data + len > chk->size)) return 0; memcpy(chk->area + chk->data, src, len);