File: 710-ring-buffer-overflow.diff

package info (click to toggle)
netkit-telnet-ssl 0.17.41%2Breally0.17-7
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 4,800 kB
  • sloc: cpp: 6,952; ansic: 6,724; sh: 182; makefile: 68
file content (16 lines) | stat: -rw-r--r-- 468 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
Author: Mikolaj Izdebski <zurgunt@gmail.com>
Description: Fixing a buffer overflow when top == bot
Bug-Debian: https://bugs.debian.org/659415
Last-Update: 2023-03-04

--- a/telnet/ring.cc
+++ b/telnet/ring.cc
@@ -140,7 +140,7 @@
 	int top = head;
 	if (top < bot) top = size;
 	if (marked > bot) top = marked;
-	assert(top-bot > 0 && top-bot <= count);
+	assert(top-bot >= 0 && top-bot <= count);
 
 	int n;
 	if (marked==bot) n = binding->writeurg(buf+bot, top-bot);