diff options
Diffstat (limited to 'apps/buffering.c')
-rw-r--r-- | apps/buffering.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/apps/buffering.c b/apps/buffering.c index e66e95d66d..22ec821a30 100644 --- a/apps/buffering.c +++ b/apps/buffering.c | |||
@@ -486,6 +486,31 @@ static bool move_handle(struct memory_handle **h, size_t *delta, | |||
486 | cur_handle = dest; | 486 | cur_handle = dest; |
487 | 487 | ||
488 | if (overlap > 0) { | 488 | if (overlap > 0) { |
489 | /* FIXME : this code is broken and can leave the data corrupted when | ||
490 | * the amount of data to move is close to the whole buffer size. | ||
491 | * | ||
492 | * Example : ('S' is the source data, '-' is empty buffer) | ||
493 | * Size of the buffer is 8 bytes, starts at 0. | ||
494 | * Size of the data to move is 7 bytes. | ||
495 | * | ||
496 | * -SSSSSSS | ||
497 | * ^-------- start of source data == 1 | ||
498 | * | ||
499 | * DD-DDDDD ('D' is desired destination data) | ||
500 | * ^------ start of destination data == 3 | ||
501 | * | ||
502 | * memmove(3, 1, 5); | ||
503 | * memmove(0, 7, 2); | ||
504 | * | ||
505 | * First memmove() call will leave the buffer in this state: | ||
506 | * | ||
507 | * -SSDDDDD | ||
508 | * ^^ | ||
509 | * \--- data to be moved by the second memmove() call, but | ||
510 | * overwritten by the first call. | ||
511 | * | ||
512 | * See FS#10605 for more details | ||
513 | */ | ||
489 | size_t first_part = size_to_move - overlap; | 514 | size_t first_part = size_to_move - overlap; |
490 | memmove(dest, src, first_part); | 515 | memmove(dest, src, first_part); |
491 | memmove(buffer, (const char *)src + first_part, overlap); | 516 | memmove(buffer, (const char *)src + first_part, overlap); |