[dovecot-cvs] dovecot/src/lib file-cache.c,1.12.2.2,1.12.2.3
tss at dovecot.org
tss at dovecot.org
Sat Nov 18 23:26:20 UTC 2006
Update of /var/lib/cvs/dovecot/src/lib
In directory talvi:/tmp/cvs-serv9560
Modified Files:
Tag: branch_1_0
file-cache.c
Log Message:
And another off-by-one buffer overflow fix.
Index: file-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib/file-cache.c,v
retrieving revision 1.12.2.2
retrieving revision 1.12.2.3
diff -u -d -r1.12.2.2 -r1.12.2.3
--- file-cache.c 18 Nov 2006 23:14:58 -0000 1.12.2.2
+++ file-cache.c 18 Nov 2006 23:26:18 -0000 1.12.2.3
@@ -128,8 +128,8 @@
i_assert(psize > 0);
bits = buffer_get_space_unsafe(cache->page_bitmask, 0,
- (poffset + psize + CHAR_BIT - 1) /
- CHAR_BIT);
+ poffset / CHAR_BIT +
+ (psize + CHAR_BIT - 1) / CHAR_BIT);
dest_offset = poffset * page_size;
dest = PTR_OFFSET(cache->mmap_base, dest_offset);
@@ -282,7 +282,7 @@
}
bits = buffer_get_space_unsafe(cache->page_bitmask, offset / CHAR_BIT,
- (size + CHAR_BIT - 1) / CHAR_BIT);
+ 1 + (size + CHAR_BIT - 1) / CHAR_BIT);
/* set the first byte */
for (i = offset % CHAR_BIT, mask = 0; i < CHAR_BIT && size > 0; i++) {
More information about the dovecot-cvs
mailing list