Return-Path: 
 <commits-return-29096-apmail-qpid-commits-archive=qpid.apache.org@qpid.apache.org>
X-Original-To: apmail-qpid-commits-archive@www.apache.org
Delivered-To: apmail-qpid-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 28C1618DB4
	for <apmail-qpid-commits-archive@www.apache.org>;
 Wed,  6 May 2015 12:39:19 +0000 (UTC)
Received: (qmail 96631 invoked by uid 500); 6 May 2015 12:39:19 -0000
Delivered-To: apmail-qpid-commits-archive@qpid.apache.org
Received: (qmail 96571 invoked by uid 500); 6 May 2015 12:39:19 -0000
Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@qpid.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@qpid.apache.org>
List-Post: <mailto:commits@qpid.apache.org>
List-Id: <commits.qpid.apache.org>
Reply-To: dev@qpid.apache.org
Delivered-To: mailing list commits@qpid.apache.org
Received: (qmail 96490 invoked by uid 99); 6 May 2015 12:39:18 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 May 2015 12:39:18 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id CE02AE17C0; Wed,  6 May 2015 12:39:18 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: dnwe@apache.org
To: commits@qpid.apache.org
Date: Wed, 06 May 2015 12:39:19 -0000
Message-Id: <4fdda8ff365c41009e360c44e6b9f564@git.apache.org>
In-Reply-To: <da218bc66eba4ed9968629bfd2dd0f28@git.apache.org>
References: <da218bc66eba4ed9968629bfd2dd0f28@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [2/3] qpid-proton git commit: NO-JIRA: prevent out-of-bounds memory
 access

NO-JIRA: prevent out-of-bounds memory access


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/dddfde20
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/dddfde20
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/dddfde20

Branch: refs/heads/master
Commit: dddfde20dcf7cb2631c04eea2aea42b5a5f180f1
Parents: 81c2110
Author: Dominic Evans <dominic.evans@uk.ibm.com>
Authored: Wed Apr 29 17:09:29 2015 +0100
Committer: Dominic Evans <dominic.evans@uk.ibm.com>
Committed: Wed May 6 13:36:11 2015 +0100

----------------------------------------------------------------------
 proton-c/src/codec/codec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/dddfde20/proton-c/src/codec/codec.c
----------------------------------------------------------------------
diff --git a/proton-c/src/codec/codec.c b/proton-c/src/codec/codec.c
index 25d3701..29580e2 100644
--- a/proton-c/src/codec/codec.c
+++ b/proton-c/src/codec/codec.c
@@ -477,6 +477,7 @@ int pn_data_intern_node(pn_data_t *data, pni_node_t *node)
 int pn_data_vfill(pn_data_t *data, const char *fmt, va_list ap)
 {
   int err = 0;
+  const char *begin = fmt;
   while (*fmt) {
     char code = *(fmt++);
     if (!code) return 0;
@@ -578,7 +579,7 @@ int pn_data_vfill(pn_data_t *data, const char *fmt, va_list ap)
       }
       break;
     case '[':
-      if (*(fmt - 2) != 'T') {
+      if (fmt < (begin + 2) || *(fmt - 2) != 'T') {
         err = pn_data_put_list(data);
         if (err) return err;
         pn_data_enter(data);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org