diff --git a/src/http.c b/src/http.c index 703c58ca..c04c5850 100644 --- a/src/http.c +++ b/src/http.c @@ -272,16 +272,17 @@ static void _http_add_body_bytes(tf_http_connection_t* connection, const void* d } mask_start = 10; } - if (connection->body_length >= mask_start + length + 4) + size_t total_length = mask_start + 4 + length; + if (connection->body_length >= total_length) { uint32_t mask = (uint32_t)p[mask_start + 0] | (uint32_t)p[mask_start + 1] << 8 | (uint32_t)p[mask_start + 2] << 16 | (uint32_t)p[mask_start + 3] << 24; - _http_websocket_mask_in_place(p + mask_start + 4, mask, length); + uint8_t* message = p + mask_start + 4; + _http_websocket_mask_in_place(message, mask, length); - const uint8_t* message = p + mask_start + 4; if (!fin && !connection->fragment_op_code) { connection->fragment_op_code = op_code; @@ -307,9 +308,11 @@ static void _http_add_body_bytes(tf_http_connection_t* connection, const void* d connection->fragment_length = 0; } connection->websocket_message_index++; - size_t total_length = mask_start + 4 + length; - memmove(connection->body, (char*)connection->body + total_length, connection->body_length - total_length); - connection->body_length -= total_length; + if (connection->body_length > total_length) + { + memmove(connection->body, (char*)connection->body + total_length, connection->body_length - total_length); + connection->body_length -= total_length; + } } else {