From: Pavel Borzenkov <pavel.borzenkov@auriga.com>
Date: Fri, 15 Apr 2011 12:17:26 +0000 (+0100)
Subject: Fix segfault in libwebsocket_write()
X-Git-Tag: upstream/1.7.3~1335
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4b65a562a59ce79ec03a4d1720af8eedaeca5af9;p=platform%2Fupstream%2Flibwebsockets.git

Fix segfault in libwebsocket_write()

Since 'shift' has unsigned integer type,
the following code may lead to infinite cycle
and segfault:

    while (shift >= 0) {
    	if (shift)
    		buf[0 - pre + n] =
    			((len >> shift) & 127) | 0x80;
    	else
    		buf[0 - pre + n] =
    			((len >> shift) & 127);
    	n++;
    	shift -= 7;
    }

Change type to signed integer.

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@auriga.com>
---

diff --git a/lib/parsers.c b/lib/parsers.c
index 7e1e900..4f1c792 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -1115,7 +1115,7 @@ int libwebsocket_write(struct libwebsocket *wsi, unsigned char *buf,
 	int m;
 	int pre = 0;
 	int post = 0;
-	unsigned int shift = 7;
+	int shift = 7;
 	struct lws_tokens eff_buf;
 	int ret;