Skip to content
This repository has been archived by the owner on Dec 10, 2018. It is now read-only.

Commit

Permalink
Merge pull request #27 from maralla/stackoverflow
Browse files Browse the repository at this point in the history 
fix buffer overflow bug
  • Loading branch information
@lxyu
lxyu committed Aug 15, 2014
2 parents 5740f8c + f13e1f5 commit 94fb5cc
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions thriftpy/protocol/cybin/binbuf.pxi
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,15 @@ cdef class BinaryRW(object):
cdef bytes new_data
if self.rbuf.data_size == 0:
self.rbuf.cur = 0
self.rbuf.data_size = 0
if self.rbuf.data_size < size:
cap = self.rbuf.buf_size - self.rbuf.data_size
if cap < 256:
self.rbuf.move_to_start()
new_data = self.trans._read(cap)

# buf + buf_size >= buf + cur + data_size + new_data_len -->
# buf_size - data_size >= cur + new_data_len -->
# cap - cur >= new_data_len
if cap - self.rbuf.cur < len(new_data) or cap < 256:
self.rbuf.move_to_start()
memcpy(self.rbuf.buf + self.rbuf.cur + self.rbuf.data_size,
<byte*>new_data, len(new_data))
self.rbuf.data_size += len(new_data)
Expand Down Expand Up @@ -120,7 +123,7 @@ cdef class BinaryRW(object):
self.rbuf.data_size -= size

cdef ensure_wbuf(self, int size):
cdef int cap = self.rbuf.buf_size - self.rbuf.data_size
cdef int cap = self.wbuf.buf_size - self.wbuf.data_size

if cap < size:
if size > self.wbuf.buf_size:
Expand Down

0 comments on commit 94fb5cc

Please sign in to comment.