From ec3750c59068f1ac2c226c33b7e424f1151d49d3 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 5 Sep 2018 19:00:20 +0200 Subject: [PATCH] BUG/MAJOR: buffer: fix incorrect check in __b_putblk() This function was split in two at commit f7d0447 ("MINOR: buffers: split b_putblk() into __b_putblk()") but it's wrong, the first half's length is not adjusted to the requested size so it copies more than desired. This is purely 1.9-specific, no backport is needed. --- include/common/buf.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/common/buf.h b/include/common/buf.h index 96472622ec..a1355e653e 100644 --- a/include/common/buf.h +++ b/include/common/buf.h @@ -494,6 +494,9 @@ static inline void __b_putblk(struct buffer *b, const char *blk, size_t len) { size_t half = b_contig_space(b); + if (half > len) + half = len; + memcpy(b_tail(b), blk, half); if (len > half)