This is an automated email from the git hooks/post-receive script.
lloda pushed a commit to branch main
in repository guile.
The following commit(s) were added to refs/heads/main by this push:
new 1a8294f Fix bounds check in recvfrom!
1a8294f is described below
commit 1a8294f495cb202f8fcd0f260627c58e7a4c4d10
Author: d4ryus <[email protected]>
AuthorDate: Fri Jan 1 12:34:57 2021 +0100
Fix bounds check in recvfrom!
Closes https://debbugs.gnu.org/cgi/bugreport.cgi?bug=45595.
NB: Amended by the committer to allow an empty range.
* libguile/socket.c: As stated.
---
libguile/socket.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/libguile/socket.c b/libguile/socket.c
index 9b87c0c..68fb016 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1491,21 +1491,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
SCM_VALIDATE_BYTEVECTOR (1, buf);
- if (SCM_UNBNDP (start))
- offset = 0;
- else
- offset = scm_to_size_t (start);
-
if (SCM_UNBNDP (end))
cend = SCM_BYTEVECTOR_LENGTH (buf);
else
{
cend = scm_to_size_t (end);
- if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
- || cend < offset))
+ if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
scm_out_of_range (FUNC_NAME, end);
}
+ if (SCM_UNBNDP (start))
+ offset = 0;
+ else
+ {
+ offset = scm_to_size_t (start);
+ if (SCM_UNLIKELY (cend < offset))
+ scm_out_of_range (FUNC_NAME, start);
+ }
+
SCM_SYSCALL (rv = recvfrom (fd,
SCM_BYTEVECTOR_CONTENTS (buf) + offset,
cend - offset, flg,
