From 71ee53fe9bdf3f64eef9b38de55960185e8be1b5 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 3 Mar 2015 22:20:17 +0100 Subject: Do not leave empty, invalid chunks in buffers during buf_pullup This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks' --- changes/bug15083 | 6 ++++++ src/or/buffers.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 changes/bug15083 diff --git a/changes/bug15083 b/changes/bug15083 new file mode 100644 index 0000000000..98d1d0e535 --- /dev/null +++ b/changes/bug15083 @@ -0,0 +1,6 @@ + o Major bugfixes (relay, stability): + - Fix a bug that could lead to a relay crashing with an assertion + failure if a buffer of exactly the wrong layout was passed + to buf_pullup() at exactly the wrong time. Fixes bug 15083; + bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. + diff --git a/src/or/buffers.c b/src/or/buffers.c index 9be0476f64..7976432793 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -426,7 +426,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate) size_t n = bytes - dest->datalen; src = dest->next; tor_assert(src); - if (n > src->datalen) { + if (n >= src->datalen) { memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen); dest->datalen += src->datalen; dest->next = src->next; -- cgit v1.2.3-54-g00ecf