From b6f7e4678bfa8e1db6da61c9661cf0c9b2b615d6 Mon Sep 17 00:00:00 2001 From: Emmanuel Fleury Date: Wed, 13 Jan 2021 13:23:40 +0100 Subject: [PATCH] Another fix on g_socket_send_message() We forgot to take into account the case where num_vectors is '-1'. --- gio/gsocket.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/gio/gsocket.c b/gio/gsocket.c index dfb6f8d8f..3a02dccde 100644 --- a/gio/gsocket.c +++ b/gio/gsocket.c @@ -4784,18 +4784,37 @@ g_socket_send_message (GSocket *socket, gsize bytes_written = 0; gsize vectors_size = 0; - for (gsize i = 0; i < num_vectors; i++) + if (num_vectors != -1) { - /* No wrap-around for vectors_size */ - if (vectors_size > vectors_size + vectors[i].size) + for (gint i = 0; i < num_vectors; i++) { - g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, - _("Unable to send message: %s"), - _("Message vectors too large")); - return -1; - } + /* No wrap-around for vectors_size */ + if (vectors_size > vectors_size + vectors[i].size) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, + _("Unable to send message: %s"), + _("Message vectors too large")); + return -1; + } - vectors_size += vectors[i].size; + vectors_size += vectors[i].size; + } + } + else + { + for (gsize i = 0; vectors[i].buffer != NULL; i++) + { + /* No wrap-around for vectors_size */ + if (vectors_size > vectors_size + vectors[i].size) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, + _("Unable to send message: %s"), + _("Message vectors too large")); + return -1; + } + + vectors_size += vectors[i].size; + } } /* Check if vector's buffers are too big for gssize */