Clear the right number of bytes in StreamBuffer
The wrong number of bytes was being cleared in StreamBuffer::grow. That
could lead to memory access out of bounds.
sudastelaro committed Oct 30, 2023
1 parent 211f689 commit 34cf047
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/StreamBuffer.cc
Expand Up @@ -144,7 +144,7 @@ grow(size_t minsize)
// just move contents to start of buffer and clear end
// to avoid reallocation
memmove(buffer, buffer+offs, len);
memset(buffer+len, 0, offs);
memset(buffer+len, 0, cap-len);
offs = 0;
return;
}
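Review bot: the byte count in the changed memset line is not backed by any invariant stated in the hunk, so neither `offs` nor `cap-len` can be checked as correct from the code itself. After `memmove(buffer, buffer+offs, len)` the stale bytes occupy [len, offs+len), so a count of `offs` covers them and stays in bounds whenever offs+len <= cap, while `cap-len` also rewrites the tail up to cap and is in bounds only when len <= cap. Suggest extending the comment above the memmove to state the assumed relation between offs, len and cap and whether the tail beyond offs+len is guaranteed to be zero, or asserting that relation before the memset, so the out-of-bounds case named in the commit message is visible at this call site.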

1 comment on commit 34cf047

@dirk-zimoch
Member

The old content from offs until offs+len is moved to the beginning (by offs). Thus offs bytes need to be cleared:

Before:
[very old rubbish][CONTENT][zeros]
^                 ^        ^      ^
0                 offs  offs+len  cap
After memmove:
[CONTENT][rubbish  CONTENT][zeros]
^        ^                 ^      ^
0       len             offs+len cap
         [~~clear this~~~~] = (offs+len)-len = offs bytes
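
The layout from the comment above as a small runnable model (an added example, not code from the commit or the project). `Buf`, `makeBefore`, `compact` and `tailIsZero` are hypothetical names, and the 16-byte buffer and the non-zero tail case are constructed; the model shows that clearing offs bytes leaves [len, cap) all zero only if [offs+len, cap) was zero beforehand, while clearing cap-len bytes does so either way.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for the buffer state; field names follow the hunk.
struct Buf {
    char   buffer[16];
    size_t cap, len, offs;
};

// Build the "Before" layout: [rubbish][CONTENT][tail], tail filled with tailByte.
// Constructed sample input; callers must keep offs + strlen(content) <= 16.
static Buf makeBefore(size_t offs, const char* content, char tailByte) {
    Buf b;
    b.cap  = sizeof b.buffer;
    b.len  = strlen(content);
    b.offs = offs;
    memset(b.buffer, 'x', offs);                          // very old rubbish
    memcpy(b.buffer + offs, content, b.len);              // CONTENT
    memset(b.buffer + offs + b.len, tailByte, b.cap - offs - b.len);
    return b;
}

// Move the content to the front and clear n bytes after it.
// Refuses (returns false) instead of writing when the clear would pass cap.
static bool compact(Buf& b, size_t n) {
    if (b.offs + b.len > b.cap || n > b.cap - b.len) return false;
    memmove(b.buffer, b.buffer + b.offs, b.len);
    memset(b.buffer + b.len, 0, n);
    b.offs = 0;
    return true;
}

// True when every byte in [len, cap) is zero.
static bool tailIsZero(const Buf& b) {
    for (size_t i = b.len; i < b.cap; ++i)
        if (b.buffer[i] != 0) return false;
    return true;
}

int main() {
    Buf a = makeBefore(6, "CONTENT", 0);    // tail already zero, as in the diagram
    printf("offs bytes, zero tail:     %d\n", compact(a, a.offs) && tailIsZero(a));
    Buf d = makeBefore(6, "CONTENT", 'z');  // constructed case: tail not zero
    printf("offs bytes, dirty tail:    %d\n", compact(d, d.offs) && tailIsZero(d));
    Buf e = makeBefore(6, "CONTENT", 'z');
    printf("cap-len bytes, dirty tail: %d\n", compact(e, e.cap - e.len) && tailIsZero(e));
}
```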
