From: Azat Khuzhin Date: Tue, 21 Jun 2016 16:49:57 +0000 (+0300) Subject: buffer: fix overflow check in evbuffer_expand_singlechain() X-Git-Tag: release-2.1.6-beta~22^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a3f4ccd1a16d855353c9f555f15111c9186facc2;p=libevent buffer: fix overflow check in evbuffer_expand_singlechain() Refs: #306 Fixes: #340 Fixes: 20d6d4458bee5d88bda1511c225c25b2d3198d6c --- diff --git a/buffer.c b/buffer.c index 6786f902..1a35fb21 100644 --- a/buffer.c +++ b/buffer.c @@ -1982,8 +1982,7 @@ evbuffer_expand_singlechain(struct evbuffer *buf, size_t datlen) /* Would expanding this chunk be affordable and worthwhile? */ if (CHAIN_SPACE_LEN(chain) < chain->buffer_len / 8 || chain->off > MAX_TO_COPY_IN_EXPAND || - (datlen < EVBUFFER_CHAIN_MAX && - EVBUFFER_CHAIN_MAX - datlen >= chain->off)) { + datlen >= (EVBUFFER_CHAIN_MAX - chain->off)) { /* It's not worth resizing this chain. Can the next one be * used? */ if (chain->next && CHAIN_SPACE_LEN(chain->next) >= datlen) {