author | Mike Frysinger <vapier@gentoo.org> | 2008-09-17 07:18:55 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-09-17 07:18:55 -0400 |
commit | ebe4f14ab2c85964cef2bb03c480dfa9aa3a2082 (patch) | |
tree | 4502863b6aae998702c3f3f2684efacc52321510 | |
parent | fix .tar.lzma suffix for rpm2tarlzma and set -S by default for rpm2tar* rathe... (diff) | |
rpmoffset: fix boundary bug
Dmitry Karasik writes:
When searching for the payload offset and not finding it in the current buffer,
the code attempts to move the last (MAGIC_SIZE - 1) bytes to the beginning of
the buffer. However the code for that is wrong. It reads:
memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1);
but should be:
memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);
Mike Frysinger writes:
The memmove() also needs to occur before left gets updated to avoid reading
beyond the bounds of the p buffer and thus messing up the first adjustment.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Dmitry Karasik <dkarasik@gmail.com>
-rw-r--r-- | rpmoffset.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/rpmoffset.c b/rpmoffset.c index 80ed563..b8f5a04 100644 --- a/rpmoffset.c +++ b/rpmoffset.c @@ -52,12 +52,13 @@ int main(int argc, char *argv[]) } } + memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1); + offset += read_cnt; if (left == 0) { offset -= MAGIC_SIZE - 1; left = MAGIC_SIZE - 1; } - memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1); } if (ferror(stdin)) |
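Review bot: The added memmove() source, p + left + read_cnt - MAGIC_SIZE + 1, points before p whenever left + read_cnt is smaller than MAGIC_SIZE - 1, and the visible lines carry no check for that. On the first pass left is still 0 (it only becomes MAGIC_SIZE - 1 in the if (left == 0) branch that follows), so a first read returning fewer than MAGIC_SIZE - 1 bytes would copy from outside the buffer. Suggest guarding the copy so bytes are carried over only when left + read_cnt >= MAGIC_SIZE - 1, unless the loop condition above this hunk already rules out such short reads. A one-line comment stating that the memmove() must run before left is updated would also keep a later cleanup from reordering it back.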