CHANresize in INN-2.5.0

Russ Allbery rra at stanford.edu
Sat Aug 26 05:21:49 UTC 2006


Christoph Biedl <cbiedl at gmx.de> writes:

> playing around with INN 2.5.0 (20060613 prerelease) I noticed 
> strange messages in news.notice
> | innd: <remote IP>:18 cant read: Bad address
> caused by huge read command like (ltrace)
> | read(19, "", 4294963252)                         = -1
> and a lot of segfaults. After three days of searching I think I found
> the problem in CHANresize in art.c:

> --- chan.c.org  2006-06-13 14:08:48.000000000 +0200
> +++ chan.c      2006-06-16 18:56:25.573081321 +0200
> @@ -714,7 +714,7 @@
>      bp = &cp->In;
>      change = size - bp->size;
>      bp->size = size;
> -    bp->left = bp->left + size;
> +    bp->left += change;
>      p = bp->data;
 
>      /* Reallocate the buffer and adjust offets if realloc moved the location
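
Review bot: at `bp->left += change;`, nothing in the visible lines guards the case where `size` is smaller than the old `bp->size`. `change` is then negative (or wraps, if these fields are unsigned, which the hunk does not show), so `bp->left` can still end up out of range after this fix. Consider checking before the adjustment that the new size still covers what the buffer already holds, or asserting that `left` stays within `size` afterwards. Two smaller points: the report text places CHANresize in art.c while the diff header is chan.c, so the commit message should name chan.c, and the context comment spells "offsets" as "offets".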

This is indeed obviously correct and (belatedly) has now been committed.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.

