From fd3e0c154236c59c2972b549500675980bb02507 Mon Sep 17 00:00:00 2001 From: cypherpunks Date: Tue, 3 Mar 2020 07:01:05 +0000 Subject: core/mainloop: Limit growth of conn->inbuf If the buf_t's length could potentially become greater than INT_MAX - 1, it sets off an IF_BUG_ONCE in buf_read_from_tls(). All of the rest of the buffers.c code has similar BUG/asserts for this invariant. --- changes/bug33131 | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changes/bug33131 (limited to 'changes/bug33131') diff --git a/changes/bug33131 b/changes/bug33131 new file mode 100644 index 0000000000..bc5ef7bc2d --- /dev/null +++ b/changes/bug33131 @@ -0,0 +1,3 @@ + o Minor bugfixes (mainloop): + - Better guard against growing a buffer past its maximum 2GB in size. + Fixes bug 33131; bugfix on 0.3.0.4-rc. -- cgit v1.2.3-54-g00ecf
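Review bot: The changelog entry in changes/bug33131 words the limit as "its maximum 2GB in size", which is looser than the invariant the commit message states (the buf_t length must not become greater than INT_MAX - 1) and reads awkwardly. Consider something like "Better guard against growing a buffer past its maximum size of INT_MAX - 1 bytes", and name the affected buffer (conn->inbuf) and the visible symptom (the IF_BUG_ONCE in buf_read_from_tls()) so that operators who saw the bug warning in their logs can match it to this fix. This view is limited to changes/bug33131, so the mainloop change itself still needs to be reviewed against the subject line separately.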