[sheepdog] [PATCH] fec: fix buffer overrun

MORITA Kazutaka morita.kazutaka at lab.ntt.co.jp
Tue Feb 4 04:57:54 CET 2014


After all the parities are set to out[], p will increase beyond
ctx->dp.  This adds a check for it.

This also adds assert() to make sure that we don't overrun the buffer.

Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
---
 lib/fec.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fec.c b/lib/fec.c
index 7d897e4..5d627f5 100644
--- a/lib/fec.c
+++ b/lib/fec.c
@@ -602,9 +602,10 @@ static inline void decode_prepare(struct fec *ctx, const uint8_t *dp[],
 			out[i] = dp[i];
 			outidx[i] = i;
 		} else {
+			assert(p < ctx->dp);
 			out[i] = dp[p];
 			outidx[i] = p;
-			while (!dp[++p])
+			while (++p < ctx->dp && !dp[p])
 				;
 		}
 	}
-- 
1.7.10.4




More information about the sheepdog mailing list