CHANresize in INN-2.5.0
Russ Allbery
rra at stanford.edu
Sat Aug 26 05:21:49 UTC 2006
Christoph Biedl <cbiedl at gmx.de> writes:
> playing around with INN 2.5.0 (20060613 prerelease) I noticed
> strange messages in news.notice
> | innd: <remote IP>:18 cant read: Bad address
> caused by huge read command like (ltrace)
> | read(19, "", 4294963252) = -1
> and a lot of segfaults. After three days of searching I think I found
> the problem in CHANresize in art.c:
> --- chan.c.org 2006-06-13 14:08:48.000000000 +0200
> +++ chan.c 2006-06-16 18:56:25.573081321 +0200
> @@ -714,7 +714,7 @@
> bp = &cp->In;
> change = size - bp->size;
> bp->size = size;
> - bp->left = bp->left + size;
> + bp->left += change;
> p = bp->data;
> /* Reallocate the buffer and adjust offets if realloc moved the location
This is indeed obviously correct and (belatedly) has now been committed.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list