opensourcemirror
/
neovim
mirror of https://github.com/neovim/neovim.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: buffer overrun in lmpack_session_receive 

The offset was not taken into account when calculating the remaining buffer size.
This commit is contained in:
Fred Sundvik 2024-02-05 14:39:29 +02:00
parent cbb7632aa0
commit d6483793e1
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/mpack/lmpack.c
View File

@ -882,7 +882,9 @@ static int lmpack_session_receive(lua_State *L)
luaL_argcheck(L, (size_t)startpos <= len, 3,
"start position must be less than or equal to the input string length");
str += (size_t)startpos - 1;
size_t offset = (size_t)startpos - 1 ;
str += offset;
len -= offset;
if (session->unpacker != LUA_REFNIL) {
lmpack_geti(L, session->reg, session->unpacker);