From 197fca6d3b0cb5d62b2428958c6abbc67e2b26e9 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Mon, 1 Jan 2024 22:14:27 +0000 Subject: [PATCH] Fix/cleanup around a crash I'm seeing. git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4720 ed5197a5-7fde-0310-b194-c3ffbd925b24 --- src/http.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/http.c b/src/http.c index 703c58caa..c04c58500 100644 --- a/src/http.c +++ b/src/http.c @@ -272,16 +272,17 @@ static void _http_add_body_bytes(tf_http_connection_t* connection, const void* d } mask_start = 10; } - if (connection->body_length >= mask_start + length + 4) + size_t total_length = mask_start + 4 + length; + if (connection->body_length >= total_length) { uint32_t mask = (uint32_t)p[mask_start + 0] | (uint32_t)p[mask_start + 1] << 8 | (uint32_t)p[mask_start + 2] << 16 | (uint32_t)p[mask_start + 3] << 24; - _http_websocket_mask_in_place(p + mask_start + 4, mask, length); + uint8_t* message = p + mask_start + 4; + _http_websocket_mask_in_place(message, mask, length); - const uint8_t* message = p + mask_start + 4; if (!fin && !connection->fragment_op_code) { connection->fragment_op_code = op_code; @@ -307,9 +308,11 @@ static void _http_add_body_bytes(tf_http_connection_t* connection, const void* d connection->fragment_length = 0; } connection->websocket_message_index++; - size_t total_length = mask_start + 4 + length; - memmove(connection->body, (char*)connection->body + total_length, connection->body_length - total_length); - connection->body_length -= total_length; + if (connection->body_length > total_length) + { + memmove(connection->body, (char*)connection->body + total_length, connection->body_length - total_length); + connection->body_length -= total_length; + } } else {