fix possibe buffer-off-by one
This commit is contained in:
Florian Westphal
parent
23e7f7f0dd
commit
3f1e03edd9
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
#include "array.h"
|
||||
|
||||
static char UNUSED id[] = "$Id: array.c,v 1.12 2006/09/30 21:49:46 fw Exp $";
|
||||
static char UNUSED id[] = "$Id: array.c,v 1.13 2006/12/17 22:52:43 fw Exp $";
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
|
|
@ -247,19 +247,21 @@ void *
|
|||
array_get(array * a, size_t membersize, size_t pos)
|
||||
{
|
||||
size_t totalsize;
|
||||
size_t posplus1 = pos + 1;
|
||||
|
||||
assert(membersize > 0);
|
||||
assert(a != NULL);
|
||||
|
||||
if (array_UNUSABLE(a))
|
||||
if (!posplus1 || array_UNUSABLE(a))
|
||||
return NULL;
|
||||
|
||||
if (!safemult_sizet(pos, membersize, &totalsize))
|
||||
if (!safemult_sizet(posplus1, membersize, &totalsize))
|
||||
return NULL;
|
||||
|
||||
if (a->allocated < totalsize)
|
||||
return NULL;
|
||||
|
||||
totalsize = pos * membersize;
|
||||
return a->mem + totalsize;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue