NO-JIRA: prevent out-of-bounds memory access
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/dddfde20
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/dddfde20
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/dddfde20
Branch: refs/heads/master
Commit: dddfde20dcf7cb2631c04eea2aea42b5a5f180f1
Parents: 81c2110
Author: Dominic Evans <[email protected]>
Authored: Wed Apr 29 17:09:29 2015 +0100
Committer: Dominic Evans <[email protected]>
Committed: Wed May 6 13:36:11 2015 +0100
----------------------------------------------------------------------
 proton-c/src/codec/codec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/dddfde20/proton-c/src/codec/codec.c
----------------------------------------------------------------------
diff --git a/proton-c/src/codec/codec.c b/proton-c/src/codec/codec.c
index 25d3701..29580e2 100644
--- a/proton-c/src/codec/codec.c
+++ b/proton-c/src/codec/codec.c
@@ -477,6 +477,7 @@ int pn_data_intern_node(pn_data_t *data, pni_node_t *node)
 int pn_data_vfill(pn_data_t *data, const char *fmt, va_list ap)
 {
 int err = 0;
+ const char *begin = fmt;
 while (*fmt) {
 char code = *(fmt++);
 if (!code) return 0;
@@ -578,7 +579,7 @@ int pn_data_vfill(pn_data_t *data, const char *fmt, va_list ap)
 }
 break;
 case '[':
- if (*(fmt - 2) != 'T') {
+ if (fmt < (begin + 2) || *(fmt - 2) != 'T') {
 err = pn_data_put_list(data);
 if (err) return err;
 pn_data_enter(data);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
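Review bot: The new guard at `case '['` is correct but rests on an invariant the code never states: `*(fmt++)` has already moved `fmt` one past the `[`, so `fmt - 2` is the code before the bracket and points before the start of the string when `[` is the first character. A one-line comment such as `/* fmt is one past '['; only look back when a preceding code exists */` would make that reviewable, and the bound reads more directly as an offset, `if ((fmt - begin) < 2 || *(fmt - 2) != 'T') {`. The body of pn_data_vfill continues outside both hunks, so any other look-behind on `fmt` in the switch is not visible here and would need the same bound against `begin`. A regression test that fills with a format string starting with `[`, run under a memory checker, would pin the fix.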
