[4.0] e1eb3e5 Fix an off-by-one when setting the first bit exceeding the current bitmap size

Pål Hermunn Johansen hermunn at varnish-software.com
Thu Oct 20 16:41:05 CEST 2016


commit e1eb3e506bc6e0ae0bf68977bb283bce157fd772
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Thu Mar 3 11:56:22 2016 +0100

    Fix an off-by-one when setting the first bit exceeding the current bitmap size
    
    When setting bit n (the n+1th bit) of an n-bit vbitmap, we'd miss to
    expand the bitmap and thus overflow our buffer and overwrite the first
    bit of the next byte in memory.

diff --git a/include/vbm.h b/include/vbm.h
index 13d2d5f..984a3ea 100644
--- a/include/vbm.h
+++ b/include/vbm.h
@@ -86,7 +86,7 @@ vbit_set(struct vbitmap *vb, unsigned bit)
 {
 
 	if (bit >= vb->nbits)
-		vbit_expand(vb, bit);
+		vbit_expand(vb, bit + 1);
 	vb->bits[VBITMAP_IDX(bit)] |= VBITMAP_BIT(bit);
 }
 
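Review bot: the new `vbit_expand(vb, bit + 1);` call in vbit_set() can wrap, because `bit` is declared `unsigned` and `bit + 1` becomes 0 when bit is UINT_MAX. In that case the expand is requested for zero bits and the following `vb->bits[VBITMAP_IDX(bit)] |= VBITMAP_BIT(bit);` still writes through the unexpanded buffer. What vbit_expand() does with 0 is not visible in this hunk, so an explicit bound check or assertion on `bit` before the expand would make the intent clear. It would also help to add a short comment that vbit_expand() takes a bit count rather than a bit index, since that distinction is what the original off-by-one came from, and a regression test that sets bit number nbits on a bitmap of nbits bits.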


