Changeset 14568


Ignore:
Timestamp:
Oct 5, 2015, 1:21:47 AM (6 years ago)
Author:
mikedld
Message:

#5732: Fix possible overflow in messageLengthIsCorrect (partial patch by cfpp2p)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/libtransmission/peer-msgs.c

    r14525 r14568  
    13871387        case BT_BITFIELD:
    13881388            if (tr_torrentHasMetadata (msg->torrent))
    1389                 return len == (msg->torrent->info.pieceCount + 7u) / 8u + 1u;
     1389                return len == (msg->torrent->info.pieceCount >> 3) + (msg->torrent->info.pieceCount & 7 ? 1 : 0) + 1u;
    13901390            /* we don't know the piece count yet,
    13911391               so we can only guess whether to send true or false */
     
    14871487#endif
    14881488    const bool fext = tr_peerIoSupportsFEXT (msgs->io);
     1489
     1490    assert (msglen > 0);
    14891491
    14901492    --msglen; /* id length */
Note: See TracChangeset for help on using the changeset viewer.