sbuf: check more strictly sbcopy() bounds with offset

We shouldn't be reading undefined data, check that the data to read remains within sb_cc limit. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2019-11-21 15:29:17 +0400
committer: Marc-André Lureau <marcandre.lureau@redhat.com> 2019-11-21 15:30:18 +0400
commit: db1fabb719e722f93e0082eb9b7a952bf8afad99 (patch)
tree: 3f17a7625bae8ea61060064720cfe784732a14b7 /src/sbuf.c
parent: d0e9738408ffa72626693ca5c28e8f80ea162ce4 (diff)
download: slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.zip
slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.tar.gz
slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sbuf.c b/src/sbuf.c
index 3f20729..71b2ddb 100644
--- a/src/sbuf.c
+++ b/src/sbuf.c
@@ -169,7 +169,7 @@ void sbcopy(struct sbuf *sb, int off, int len, char *to)
     char *from;
 
     g_assert(len >= 0);
-    g_assert(len <= sb->sb_cc);
+    g_assert(len + off <= sb->sb_cc);
 
     from = sb->sb_rptr + off;
     if (from >= sb->sb_data + sb->sb_datalen)
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2019-11-21 15:29:17 +0400
committer	Marc-André Lureau <marcandre.lureau@redhat.com>	2019-11-21 15:30:18 +0400
commit	db1fabb719e722f93e0082eb9b7a952bf8afad99 (patch)
tree	3f17a7625bae8ea61060064720cfe784732a14b7 /src/sbuf.c
parent	d0e9738408ffa72626693ca5c28e8f80ea162ce4 (diff)
download	slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.zip slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.tar.gz slirp-db1fabb719e722f93e0082eb9b7a952bf8afad99.tar.bz2