From ccfb139a220cc8da2092198a409626d89c4c3667 Mon Sep 17 00:00:00 2001
From: Tim Pepper
Date: Fri, 14 Sep 2012 13:33:55 -0700
Subject: [PATCH] Fix apparent possible memory overrun in processing_queue
The queue is a simple array of strings of size defined by: #define MAX_PROCESSING_OOPS 10 but the add_to / remove_from functions were hard coded to wrap the tail and head array indices at 100.
Signed-off-by: Tim Pepper
---
 src/coredump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/coredump.c b/src/coredump.c
index 8325250..df9e70c 100644
--- a/src/coredump.c
+++ b/src/coredump.c
@@ -461,7 +461,7 @@ static void remove_from_processing_queue(void)
 free(processing_queue[head]);
 processing_queue[head++] = NULL;
- if (head == 100)
+ if (head == MAX_PROCESSING_OOPS)
 head = 0;
 }
@@ -692,7 +692,7 @@ static int add_to_processing(char *fullpath)
 g_hash_table_insert(core_status.processing_oops, c2, c2);
 processing_queue[tail++] = fp;
- if (tail == 100)
+ if (tail == MAX_PROCESSING_OOPS)
 tail = 0;
 pthread_mutex_unlock(&processing_queue_mtx);
--
2.7.4
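Review bot: The wrap test in remove_from_processing_queue is still an exact match, `if (head == MAX_PROCESSING_OOPS)`, so an index that ever sits past the bound never wraps and keeps indexing beyond the array. Writing it as `if (head >= MAX_PROCESSING_OOPS)` fails safe, and the same applies to the `tail` test in add_to_processing in the second hunk. The function's opening lines are outside this hunk, so the diff does not show whether processing_queue_mtx is held around the `head` update, as it appears to be around `tail`; that is worth confirming, since both indices guard the same array.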
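Review bot: `processing_queue[tail++] = fp;` stores into the slot with no visible check that the ring is full. With the wrap now at MAX_PROCESSING_OOPS (10 per the commit message), the tail comes back around to unprocessed entries quickly. The body of add_to_processing starts outside the hunk, so a guard may exist earlier; if it does not, an occupied slot would be overwritten and its string leaked. Because remove_from_processing_queue sets freed slots to NULL, a test such as `if (processing_queue[tail] != NULL)` that unlocks and returns an error before the store would catch the full case. A short comment at the store stating the capacity invariant would also help the next reader.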