bile: Correct size calculation in bile_unmarshall_object
The full size has already been written into the data being
unmarshalled, so there is no need to multiply it by the field size.
jcs made amendment 106 over 2 years ago
--- bile.c Wed May 18 14:47:34 2022
+++ bile.c Sun May 22 21:14:06 2022
@@ -661,13 +661,13 @@ bile_unmarshall_object(struct bile *bile,
if (fields[n].size < 0) {
/* dynamically-sized field, read length */
memcpy(&fsize, data + off, sizeof(fsize));
- fsize *= -(fields[n].size);
off += sizeof(fsize);
} else
fsize = fields[n].size;
if (off + fsize > size)
- panic("bile_unmarshall_object: overflow at field %lu!", n);
+ panic("bile_unmarshall_object: overflow at field %lu of %lu!",
+ n + 1, nfields);
ptr = (char *)object + fields[n].struct_off;
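Review bot: In the dynamically-sized branch, `memcpy(&fsize, data + off, sizeof(fsize));` reads the length prefix before anything checks that `sizeof(fsize)` bytes remain at `off`, so a truncated or corrupt record can make that read run past `size`. With the multiplication removed, `fsize` is taken verbatim from the stored data, and `off + fsize > size` can wrap for a very large stored length if these variables are unsigned (their declarations are outside the hunk), which would let the check pass. I would guard the read with `if (off > size || sizeof(fsize) > size - off) panic(...)`, write the bound as `if (fsize > size - off)`, and also reject a negative `fsize` if the type turns out to be signed. The body of bile_unmarshall_object starts and ends outside this hunk, so an earlier check may already cover part of this.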