Fix apparent possible memory overrun in processing_queue

The queue is a simple array of strings of size defined by:
  #define MAX_PROCESSING_OOPS 10
but the add_to / remove_from functions were hard coded to wrap the tail and
head array indices at 100.

Signed-off-by: Tim Pepper <timothy.c.pepper@linux.intel.com>

diff --git a/src/coredump.c b/src/coredump.c
index 8325250..df9e70c 100644 (file)
--- a/src/coredump.c
+++ b/src/coredump.c
@@ -461,7 +461,7 @@ static void remove_from_processing_queue(void)
        free(processing_queue[head]);
        processing_queue[head++] = NULL;
 
-       if (head == 100)
+       if (head == MAX_PROCESSING_OOPS)
                head = 0;
 }
 
@@ -692,7 +692,7 @@ static int add_to_processing(char *fullpath)
 
        g_hash_table_insert(core_status.processing_oops, c2, c2);
        processing_queue[tail++] = fp;
-       if (tail == 100)
+       if (tail == MAX_PROCESSING_OOPS)
                tail = 0;
 
        pthread_mutex_unlock(&processing_queue_mtx);