[prev in list] [next in list] [prev in thread] [next in thread] 

List:       varnish-commit
Subject:    [4.0] e1eb3e5 Fix an off-by-one when setting the first bit exceeding the current bitmap size
From:       Pål Hermunn Johansen <hermunn () varnish-software ! com>
Date:       2016-10-20 14:41:05
Message-ID: E1bxEWn-0001qB-0q () project ! varnish-software ! com
[Download RAW message or body]


commit e1eb3e506bc6e0ae0bf68977bb283bce157fd772
Author: Nils Goroll <nils.goroll@uplex.de>
Date:   Thu Mar 3 11:56:22 2016 +0100

    Fix an off-by-one when setting the first bit exceeding the current bitmap size
    
    When setting bit n (the n+1th bit) of an n-bit vbitmap, we'd miss to
    expand the bitmap and thus overflow our buffer and overwrite the first
    bit of the next byte in memory.

diff --git a/include/vbm.h b/include/vbm.h
index 13d2d5f..984a3ea 100644
--- a/include/vbm.h
+++ b/include/vbm.h
@@ -86,7 +86,7 @@ vbit_set(struct vbitmap *vb, unsigned bit)
 {
 
 	if (bit >= vb->nbits)
-		vbit_expand(vb, bit);
+		vbit_expand(vb, bit + 1);
 	vb->bits[VBITMAP_IDX(bit)] |= VBITMAP_BIT(bit);
 }
 

_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic