[4.1] 31af69b Fix an off-by-one when setting the first bit exceeding the current bitmap size

Nils Goroll nils.goroll at uplex.de
Thu Mar 3 14:59:33 CET 2016


commit 31af69b9759d9468b3d0d3972fd379d2ca7fded6
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Thu Mar 3 11:56:22 2016 +0100

    Fix an off-by-one when setting the first bit exceeding the current bitmap size
    
    When setting bit n (the n+1th bit) of an n-bit vbitmap, we'd fail to
    expand the bitmap and thus overflow our buffer and overwrite the first
    bit of the next byte in memory.

diff --git a/include/vbm.h b/include/vbm.h
index 13d2d5f..984a3ea 100644
--- a/include/vbm.h
+++ b/include/vbm.h
@@ -86,7 +86,7 @@ vbit_set(struct vbitmap *vb, unsigned bit)
 {
 
 	if (bit >= vb->nbits)
-		vbit_expand(vb, bit);
+		vbit_expand(vb, bit + 1);
 	vb->bits[VBITMAP_IDX(bit)] |= VBITMAP_BIT(bit);
 }
 
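Review bot: `bit + 1` in the `vbit_expand()` call wraps to 0 when `bit` is `UINT_MAX`, because `bit` is `unsigned`; the store on the following line would then index well past the buffer. An assertion such as `assert(bit < UINT_MAX)` ahead of the call, or a documented upper bound on `bit`, would close that edge. The fix also implies that the second argument of `vbit_expand()` is a bit count rather than a highest bit index, so a short comment saying so here, plus a check of any other callers (none are visible in this hunk), would help keep the off-by-one from returning. A regression test that sets bit `vb->nbits` exactly would cover the case the commit message describes.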


