aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2014-03-25 16:58:49 +0100
committerSverker Eriksson <[email protected]>2014-03-25 16:58:49 +0100
commitd54ef284388e4e5148be8de51ba2f9ebc2e3285e (patch)
treefbf7d51e19dfdaf268ad18c2f4623546f0b5c6a7
parent6d863e5ffe35aeb1197e3db13df32e1bdce085bb (diff)
parent78b118bc5f503435b1d9216b3a3279e0c9fd9ecd (diff)
downloadotp-d54ef284388e4e5148be8de51ba2f9ebc2e3285e.tar.gz
otp-d54ef284388e4e5148be8de51ba2f9ebc2e3285e.tar.bz2
otp-d54ef284388e4e5148be8de51ba2f9ebc2e3285e.zip
Merge branch 'sverk/maps_remove_bug'
* sverk/maps_remove_bug: erts: Fix heap overflow in maps:remove/2 when key is not found
-rw-r--r--erts/emulator/beam/erl_map.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/erts/emulator/beam/erl_map.c b/erts/emulator/beam/erl_map.c
index 2fff7f9390..fdd2d0c0f6 100644
--- a/erts/emulator/beam/erl_map.c
+++ b/erts/emulator/beam/erl_map.c
@@ -647,22 +647,24 @@ int erts_maps_remove(Process *p, Eterm key, Eterm map, Eterm *res) {
*mhp++ = tup;
if (is_immed(key)) {
- while(n--) {
+ while (1) {
if (*ks == key) {
goto found_key;
- } else {
+ } else if (--n) {
*mhp++ = *vs++;
*thp++ = *ks++;
- }
+ } else
+ break;
}
} else {
- while(n--) {
+ while(1) {
if (EQ(*ks, key)) {
goto found_key;
- } else {
+ } else if (--n) {
*mhp++ = *vs++;
*thp++ = *ks++;
- }
+ } else
+ break;
}
}
@@ -676,7 +678,7 @@ int erts_maps_remove(Process *p, Eterm key, Eterm map, Eterm *res) {
found_key:
/* Copy rest of keys and values */
- if (n) {
+ if (--n) {
sys_memcpy(mhp, vs+1, n*sizeof(Eterm));
sys_memcpy(thp, ks+1, n*sizeof(Eterm));
}