We should check for a NULL pointer before dereferencing its
members, and check the limit on the data buffer in function
str_remove_initial.

Signed-off-by: Wang Sheng-Hui <shh...@gmail.com>
---
 usr/strings.c |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/usr/strings.c b/usr/strings.c
index ee6a51c..6432c2c 100644
--- a/usr/strings.c
+++ b/usr/strings.c
@@ -97,11 +97,16 @@ int str_enlarge_data(struct str_buffer *s, int length)
 
 void str_remove_initial(struct str_buffer *s, int length)
 {
-       char *remaining = s->buffer + length;
-       int amount = s->data_length - length;
-
-       if (s && length) {
-               memmove(s->buffer, remaining, amount);
+    char *remaining;
+    int amount;
+
+    if (s && length) {
+           remaining = s->buffer + length;
+           amount = s->data_length - length;
+        if (amount < 0)
+            amount = 0;
+        if (amount)
+                   memmove(s->buffer, remaining, amount);
                s->data_length = amount;
                s->buffer[amount] = '\0';
        }
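Review bot: A negative `length` still passes the new `if (s && length)` guard, and the `amount < 0` clamp does not catch it, because `s->data_length - length` then comes out larger than `s->data_length`. In that case `remaining` points before `s->buffer`, the `memmove` reads from there, and `s->buffer[amount] = '\0'` writes past the recorded data length, possibly past the allocation (its size is not visible in this hunk). Tightening the guard to `if (s && length > 0)` closes this. If `s->buffer` can be NULL for an empty buffer, which cannot be confirmed from here, the terminator write also needs a check on it. The added lines mix space and tab indentation, unlike the tab-indented context lines, and the function's closing brace lies outside the hunk.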
-- 1.7.1 
