mirror/guile
mirror/guile
1
Fork 0
mirror of https://git.savannah.gnu.org/git/guile.git synced 2025-05-20 11:40:18 +02:00
Code Activity

Fix bounds check in recvfrom!

Browse source 
Closes https://debbugs.gnu.org/cgi/bugreport.cgi?bug=45595.

NB: Amended by the committer to allow an empty range.

* libguile/socket.c: As stated.
This commit is contained in:
d4ryus 2021-01-01 12:34:57 +01:00 committed by Daniel Llorens
parent c5f443de79
commit 1a8294f495
1 changed files with 10 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

17
libguile/socket.c
View file

@ -1491,21 +1491,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
SCM_VALIDATE_BYTEVECTOR (1, buf);
if (SCM_UNBNDP (start))
offset = 0;
else
offset = scm_to_size_t (start);
if (SCM_UNBNDP (end))
cend = SCM_BYTEVECTOR_LENGTH (buf);
else
{
cend = scm_to_size_t (end);
if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
|| cend < offset))
if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
scm_out_of_range (FUNC_NAME, end);
}
if (SCM_UNBNDP (start))
offset = 0;
else
{
offset = scm_to_size_t (start);
if (SCM_UNLIKELY (cend < offset))
scm_out_of_range (FUNC_NAME, start);
}
SCM_SYSCALL (rv = recvfrom (fd,
SCM_BYTEVECTOR_CONTENTS (buf) + offset,
cend - offset, flg,