diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-03 15:30:11 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-01-03 15:30:11 -0500 |
| commit | e365aee97110c6c6df6f56ca9814d88c3808a2d1 (patch) | |
| tree | 832874726f999f03d5e10a102d0b84c9c5314713 | |
| parent | e09ab69703967716b2765e062ca229e641dba53e (diff) | |
| download | tor-e365aee97110c6c6df6f56ca9814d88c3808a2d1.tar.gz tor-e365aee97110c6c6df6f56ca9814d88c3808a2d1.zip | |
Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1
Spotted by doors, fixes bug 2326.
| -rw-r--r-- | changes/bug2326 | 6 | ||||
| -rw-r--r-- | src/common/util.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug2326 b/changes/bug2326 new file mode 100644 index 0000000000..239a383faf --- /dev/null +++ b/changes/bug2326 @@ -0,0 +1,6 @@ + o Minor bugfixes + - Fix a bug where we would assert if we ever had a + cached-descriptors.new file (or another file read directly into + memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes + bug 2326; bugfix on 0.2.1.25. + diff --git a/src/common/util.c b/src/common/util.c index 7a24df8133..f206d00c49 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1936,7 +1936,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) return NULL; } - if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_CEILING) + if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) return NULL; string = tor_malloc((size_t)(statbuf.st_size+1)); |