[4.1] 31af69b Fix an off-by-one when setting the first bit exceeding the current bitmap size
Nils Goroll
nils.goroll at uplex.de
Thu Mar 3 14:59:33 CET 2016
commit 31af69b9759d9468b3d0d3972fd379d2ca7fded6
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Thu Mar 3 11:56:22 2016 +0100
Fix an off-by-one when setting the first bit exceeding the current bitmap size
When setting bit n (the n+1th bit) of an n-bit vbitmap, we'd miss to
expand the bitmap and thus overflow our buffer and overwrite the first
bit of the next byte in memory.
diff --git a/include/vbm.h b/include/vbm.h
index 13d2d5f..984a3ea 100644
--- a/include/vbm.h
+++ b/include/vbm.h
@@ -86,7 +86,7 @@ vbit_set(struct vbitmap *vb, unsigned bit)
{
if (bit >= vb->nbits)
- vbit_expand(vb, bit);
+ vbit_expand(vb, bit + 1);
vb->bits[VBITMAP_IDX(bit)] |= VBITMAP_BIT(bit);
}
More information about the varnish-commit
mailing list