author Mike Frysinger <vapier@gentoo.org> 2008-09-17 07:18:55 -0400
committer Mike Frysinger <vapier@gentoo.org> 2008-09-17 07:18:55 -0400
commit ebe4f14ab2c85964cef2bb03c480dfa9aa3a2082 (patch)
tree 4502863b6aae998702c3f3f2684efacc52321510 /rpmoffset.c
parent fix .tar.lzma suffix for rpm2tarlzma and set -S by default for rpm2tar* rathe... (diff)
rpmoffset: fix boundary bug

Dmitry Karasik writes:
When searching for the payload offset and not finding it in the current
buffer, the code attempts to move the last (MAGIC_SIZE - 1) bytes to the
beginning of the buffer. However the code for that is wrong. It reads:
    memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1);
but should be:
    memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);

Mike Frysinger writes:
The memmove() also needs to occur before left gets updated to avoid reading
beyond the bounds of the p buffer and thus messing up the first adjustment.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Dmitry Karasik <dkarasik@gmail.com>

Diffstat (limited to 'rpmoffset.c')
-rw-r--r-- rpmoffset.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/rpmoffset.c b/rpmoffset.c
index 80ed563..b8f5a04 100644
--- a/rpmoffset.c
+++ b/rpmoffset.c
@@ -52,12 +52,13 @@ int main(int argc, char *argv[])
}
}
+ memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);
+
offset += read_cnt;
if (left == 0) {
offset -= MAGIC_SIZE - 1;
left = MAGIC_SIZE - 1;
}
- memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1);
}
if (ferror(stdin))
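
Review bot: the added memmove() at the top of the hunk has no guard for a short read. When left is still 0 (the case the `if (left == 0)` branch below it handles) and read_cnt is smaller than MAGIC_SIZE - 1, the source `p + left + read_cnt - MAGIC_SIZE + 1` points before p, so the copy reads outside the buffer, which is the same class of bug this commit sets out to fix. Suggest skipping or bounding the carry-over when `left + read_cnt < MAGIC_SIZE - 1`. A one-line comment stating that the move must stay ahead of the `left = MAGIC_SIZE - 1` update would also help, since the fix depends on that ordering and nothing in the code says so.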