aboutsummaryrefslogtreecommitdiffstats
path: root/HOWTO
diff options
context:
space:
mode:
authorKostis Sagonas <[email protected]>2015-10-12 07:53:20 +0200
committerKostis Sagonas <[email protected]>2015-10-12 07:53:20 +0200
commitd94a8ef6dc136dd2eedf3c3ad4bc053ca8fdd1b0 (patch)
treea5e54dfd9d03b28ab6ede0cca054ad5892edaa2d /HOWTO
parent4f9905824002bebc33c2914669b4c364927cb0ee (diff)
downloadotp-d94a8ef6dc136dd2eedf3c3ad4bc053ca8fdd1b0.tar.gz
otp-d94a8ef6dc136dd2eedf3c3ad4bc053ca8fdd1b0.tar.bz2
otp-d94a8ef6dc136dd2eedf3c3ad4bc053ca8fdd1b0.zip
Fix edge case of Size = 0 in bs_put_integer
copy_offset_int_big was assuming (Offset + Size - 1) (Tmp9 in the first BB) would not underflow. It was also unconditionally reading and writing the binary even when Size was zero, unlike copy_int_little, which is the only other case of bs_put_integer that does not have a short-circuit on Size = 0. This was causing segfaults when constructing binaries starting with a zero-length integer field, because a logical right shift was used to compute an offset in bytes (which became 0x1fffffffffffffff) to read in the binary. Tests, taken from the emulator bs_construct_SUITE, were also added. The complete credit for the report and the fix goes to Magnus Lång.
Diffstat (limited to 'HOWTO')
0 files changed, 0 insertions, 0 deletions