Context Navigation

Back to Ticket #12087

Ticket #12087: 0001-Off-by-one-error-in-BMessage-SetCurrentSpecifier.patch

File 0001-Off-by-one-error-in-BMessage-SetCurrentSpecifier.patch, 757 bytes (added by AGMS, 9 years ago)
Just change the test to be >= count to avoid the bug.

src/kits/app/Message.cpp

From e694b82b2c113c35a29c51a0217bd6d0ea780689 Mon Sep 17 00:00:00 2001
From: "Alexander G. M. Smith" <agmsmith@ncf.ca>
Date: Fri, 22 May 2015 11:05:39 -0400
Subject: [PATCH] Off by one error in BMessage::SetCurrentSpecifier.

You can set the index to be past the end of the Specifier array.
---
 src/kits/app/Message.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kits/app/Message.cpp b/src/kits/app/Message.cpp
index 6ece894..04df69f 100644

                BMessage::SetCurrentSpecifier(int32 index)
     if (result != B_OK)
         return result;
     if (index > count)
+    if (index >= count)
         return B_BAD_INDEX;
     fHeader->current_specifier = index;

Download in other formats:

Original Format