Use comparisons between rpc->len and rpc->pos, rather than computing
their difference. This avoids potential errors when this value is
negative and we access it.
Use an int to store the return value from packet_read_line(), instead
of a size_t.
Handle the errorneous condition where rpc->pos exceeds rpc->len by
printing a message and aborting the transfer (return 0).
Remove extraneous semicolon (';') at the end of the if statement, that
prevented code in its block from executing.
Signed-off-by: Tay Ray Chuan <rctay89@xxxxxxxxx>
---
Users might experience issues when pushing with chunked encoding when
size_t avail is negative.
remote-curl.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/remote-curl.c b/remote-curl.c
index 69eaf58..a2b8bbf 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -297,17 +297,22 @@ static size_t rpc_out(void *ptr, size_t eltsize,
{
size_t max = eltsize * nmemb;
struct rpc_state *rpc = buffer_;
- size_t avail = rpc->len - rpc->pos;
+ size_t avail = (size_t) 0;
- if (!avail) {
- avail = packet_read_line(rpc->out, rpc->buf, rpc->alloc);
- if (!avail)
+ if (rpc->pos == rpc->len) {
+ int n = packet_read_line(rpc->out, rpc->buf, rpc->alloc);
+ if (!n)
return 0;
rpc->pos = 0;
- rpc->len = avail;
+ avail = rpc->len = (size_t) n;
+ } else if (rpc->pos > rpc->len) {
+ error("bad condition!");
+ return 0;
+ } else {
+ avail = rpc->len - rpc->pos;
}
- if (max < avail);
+ if (max < avail)
avail = max;
memcpy(ptr, rpc->buf + rpc->pos, avail);
rpc->pos += avail;
--
1.6.5.3.301.gb2eb
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html