neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git

commit d6483793e1c3e337e33b53452c0e0249107d099b
parent cbb7632aa0168b6b69f17ec2f97aa3c30eb58553
Author: Fred Sundvik <fsundvik@gmail.com>
Date:   Mon,  5 Feb 2024 14:39:29 +0200

fix: buffer overrun in lmpack_session_receive

The offset was not taken into account when calculating the remaining buffer size.

Diffstat:
M src/mpack/lmpack.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mpack/lmpack.c b/src/mpack/lmpack.c @@ -882,7 +882,9 @@ static int lmpack_session_receive(lua_State *L) luaL_argcheck(L, (size_t)startpos <= len, 3, "start position must be less than or equal to the input string length"); - str += (size_t)startpos - 1; + size_t offset = (size_t)startpos - 1 ; + str += offset; + len -= offset; if (session->unpacker != LUA_REFNIL) { lmpack_geti(L, session->reg, session->unpacker);
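
Review bot: `len -= offset;` in `lmpack_session_receive` is only safe when `startpos >= 1`, and the `luaL_argcheck` visible in this hunk bounds `startpos` from above only. With `startpos == 0`, `(size_t)startpos - 1` wraps to `SIZE_MAX`, so `str += offset` and `len -= offset` would both go wrong. Please confirm that a lower-bound check precedes this context (it is not visible in the hunk), or add one beside the existing argcheck. Two smaller points: there is a stray space before the semicolon in `size_t offset = (size_t)startpos - 1 ;`, and the diffstat shows only `src/mpack/lmpack.c` changed, so a regression test that calls receive with a start position greater than 1 would be worth adding to keep the remaining-length calculation covered.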