Browse code
bb#8239 - added offset check to prevent integer wrap
Kevin Lin authored on 2016/06/15 06:11:41Showing 1 changed files
| ... | ... |
@@ -1761,7 +1761,10 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
| 1761 | 1761 |
if(pt->partno != 1) {
|
| 1762 | 1762 |
for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[pt->partno - 2][j] != -1; j++) {
|
| 1763 | 1763 |
found = j; |
| 1764 |
- if(pt->maxdist) |
|
| 1764 |
+ if(realoff < offmatrix[pt->partno - 2][j]) |
|
| 1765 |
+ found = 0; |
|
| 1766 |
+ |
|
| 1767 |
+ if(found && pt->maxdist) |
|
| 1765 | 1768 |
if(realoff - offmatrix[pt->partno - 2][j] > pt->maxdist) |
| 1766 | 1769 |
found = 0; |
| 1767 | 1770 |
|