albino
/
ngircd-tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix possibe buffer-off-by one

This commit is contained in:
Florian Westphal 2006-12-17 22:52:43 +00:00
parent 23e7f7f0dd
commit 3f1e03edd9
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ngircd/array.c
View File

@ -12,7 +12,7 @@
#include "array.h" #include "array.h"
static char UNUSED id[] = "$Id: array.c,v 1.12 2006/09/30 21:49:46 fw Exp $"; static char UNUSED id[] = "$Id: array.c,v 1.13 2006/12/17 22:52:43 fw Exp $";
#include <assert.h> #include <assert.h>
@ -247,19 +247,21 @@ void *
array_get(array * a, size_t membersize, size_t pos) array_get(array * a, size_t membersize, size_t pos)
{ {
size_t totalsize; size_t totalsize;
size_t posplus1 = pos + 1;
assert(membersize > 0); assert(membersize > 0);
assert(a != NULL); assert(a != NULL);
if (array_UNUSABLE(a)) if (!posplus1 || array_UNUSABLE(a))
return NULL; return NULL;
if (!safemult_sizet(pos, membersize, &totalsize)) if (!safemult_sizet(posplus1, membersize, &totalsize))
return NULL; return NULL;
if (a->allocated < totalsize) if (a->allocated < totalsize)
return NULL; return NULL;
totalsize = pos * membersize;
return a->mem + totalsize; return a->mem + totalsize;
} }