aboutsummaryrefslogtreecommitdiffstats
path: root/erts
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2011-11-23 11:00:18 +0100
committerRaimo Niskanen <[email protected]>2011-11-28 15:20:35 +0100
commitbc09f6a6eda75c4e1df708cb523ffc76340c066d (patch)
tree7fc17a6f945855197f930b5878224fb210ab6658 /erts
parentccf2297b252074a5dd05b58af7eee0cb90d51378 (diff)
downloadotp-bc09f6a6eda75c4e1df708cb523ffc76340c066d.tar.gz
otp-bc09f6a6eda75c4e1df708cb523ffc76340c066d.tar.bz2
otp-bc09f6a6eda75c4e1df708cb523ffc76340c066d.zip
erts: Fix faulty udp-buffer handling
Caused core dump with gen_udp_SUITE on halfword vm.
Diffstat (limited to 'erts')
-rw-r--r--erts/emulator/drivers/common/inet_drv.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/erts/emulator/drivers/common/inet_drv.c b/erts/emulator/drivers/common/inet_drv.c
index 1fe9e04341..dcc2954b02 100644
--- a/erts/emulator/drivers/common/inet_drv.c
+++ b/erts/emulator/drivers/common/inet_drv.c
@@ -10269,6 +10269,7 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
int code;
void * extra = NULL;
char * ptr;
+ int nsz;
inet_input_count(desc, n);
udesc->i_ptr += n;
@@ -10282,17 +10283,19 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
ptr = udesc->i_buf->orig_bytes + sizeof(other) - len;
sys_memcpy(ptr, abuf, len);
+ nsz = udesc->i_ptr - ptr;
+
/* Check if we need to reallocate binary */
- if ((desc->mode == INET_MODE_BINARY) &&
- (desc->hsz < (udesc->i_ptr - ptr)) &&
- ((udesc->i_ptr - ptr) + BIN_REALLOC_MARGIN(desc->bufsz) >=
- udesc->i_bufsz)) {
+ if ((desc->mode == INET_MODE_BINARY)
+ && (desc->hsz < (nsz - len))
+ && (nsz + BIN_REALLOC_MARGIN(desc->bufsz) < udesc->i_bufsz)) {
ErlDrvBinary* tmp;
int bufsz;
bufsz = udesc->i_ptr - udesc->i_buf->orig_bytes;
if ((tmp = realloc_buffer(udesc->i_buf, bufsz)) != NULL) {
udesc->i_buf = tmp;
udesc->i_bufsz = bufsz;
+ udesc->i_ptr = NULL; /* not used from here */
}
}
#ifdef HAVE_SCTP
@@ -10300,8 +10303,8 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
#endif
/* Actual parsing and return of the data received, occur here: */
code = packet_reply_binary_data(desc, len, udesc->i_buf,
- ptr - udesc->i_buf->orig_bytes,
- udesc->i_ptr - ptr,
+ (sizeof(other) - len),
+ nsz,
extra);
free_buffer(udesc->i_buf);
udesc->i_buf = NULL;