IceFlush: signal fatal I/O error if bufptr is past end of buffer

It should never happen, but has been possible in the past when we didn't handle buffer checks properly - this would help us catch it if a similar mistake ever happens again (or the wrong memory pointer gets corrupted by something else). Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Alan Coopersmith <alan.coopersmith@oracle.com> 2022-09-07 13:37:34 -0700
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2022-09-07 15:32:47 -0700
commit: b399fc2b3c5c2cf5f0d36d98c372f353a8186d15 (patch)
tree: 707eff36fb3120ba40247318b6d0171cd7b43626
parent: 918d58772595e7cd9907a7b08874196442fbf599 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/misc.c b/src/misc.c
index 0e15adc..d23b1df 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -119,6 +119,16 @@ IceFlush (
 	IceConn iceConn
 )
 {
+    /*
+     * Should be impossible, unless we messed up our buffer math somewhere,
+     * or one of our pointers has been corrupted.
+     */
+    if (_X_UNLIKELY(iceConn->outbufptr > iceConn->outbufmax))
+    {
+	IceFatalIOError (iceConn);
+	return 0;
+    }
+
     _IceWrite (iceConn,
 	(unsigned long) (iceConn->outbufptr - iceConn->outbuf),
 	iceConn->outbuf);
author	Alan Coopersmith <alan.coopersmith@oracle.com>	2022-09-07 13:37:34 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2022-09-07 15:32:47 -0700
commit	b399fc2b3c5c2cf5f0d36d98c372f353a8186d15 (patch)
tree	707eff36fb3120ba40247318b6d0171cd7b43626
parent	918d58772595e7cd9907a7b08874196442fbf599 (diff)