Fix segfault in libwebsocket_write()

Since 'shift' has unsigned integer type,
the following code may lead to infinite cycle
and segfault:

    while (shift >= 0) {
    	if (shift)
    		buf[0 - pre + n] =
    			((len >> shift) & 127) | 0x80;
    	else
    		buf[0 - pre + n] =
    			((len >> shift) & 127);
    	n++;
    	shift -= 7;
    }

Change type to signed integer.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@auriga.com>

diff --git a/lib/parsers.c b/lib/parsers.c
index 7e1e900..4f1c792 100644 (file)
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -1115,7 +1115,7 @@ int libwebsocket_write(struct libwebsocket *wsi, unsigned char *buf,
        int m;
        int pre = 0;
        int post = 0;
-       unsigned int shift = 7;
+       int shift = 7;
        struct lws_tokens eff_buf;
        int ret;