client: Fix integer wrap around in ring_peek()
Peeking beyond either end of the ring buffer must return EOF. We first compute the index, then check whether it's in range. Unfortunately, the index computation r->prod - -n can wrap around while r->prod is still <= RING_SIZE. If it happens, ring_peek() returns r->buf[(r->prod - -n) % RING_SIZE] instead of EOF. Currently harmless, because no caller peeks out of range. Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
This commit is contained in:
parent
93dfd60c4b
commit
63a6288435
1 changed files with 12 additions and 4 deletions
|
|
@ -27,7 +27,7 @@
|
||||||
* ringbuf.c: Simple ring buffer
|
* ringbuf.c: Simple ring buffer
|
||||||
*
|
*
|
||||||
* Known contributors to this file:
|
* Known contributors to this file:
|
||||||
* Markus Armbruster, 2007-2009
|
* Markus Armbruster, 2007-2015
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
@ -82,9 +82,17 @@ ring_peek(struct ring *r, int n)
|
||||||
|
|
||||||
assert(-RING_SIZE - 1 <= n && n <= RING_SIZE);
|
assert(-RING_SIZE - 1 <= n && n <= RING_SIZE);
|
||||||
|
|
||||||
idx = n >= 0 ? r->cons + n : r->prod - -n;
|
if (n >= 0) {
|
||||||
if (idx < r->cons && idx >= r->prod)
|
idx = r->cons + n;
|
||||||
|
if (idx >= r->prod)
|
||||||
return EOF;
|
return EOF;
|
||||||
|
} else {
|
||||||
|
/* Beware, r->prod - -n can wrap around, avoid that */
|
||||||
|
if (r->prod < r->cons + -n)
|
||||||
|
return EOF;
|
||||||
|
idx = r->prod - -n;
|
||||||
|
}
|
||||||
|
|
||||||
return r->buf[idx % RING_SIZE];
|
return r->buf[idx % RING_SIZE];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue