From a19fbf22e25b443b26f7216eb0abbae8477aecfb Mon Sep 17 00:00:00 2001
From: Gurvinder Singh
Date: Thu, 31 Dec 2009 08:37:22 +0530
Subject: [PATCH] bug 29 patch
---
 src/stream-tcp-reassemble.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 9dd5c37e67..0dab6916a2 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -495,9 +495,10 @@ static int HandleSegmentStartsBeforeListSegment(TcpStream *stream,
 end_after = TRUE;
 overlap_point = list_seg->seq;
 SCLogDebug("starts before list seg, ends after list end: seg->seq "
- "%" PRIu32 ", list_seg->seq %" PRIu32 ", "
- "list_seg->payload_len %" PRIu32 " overlap is %" PRIu32 "",
- seg->seq, list_seg->seq, list_seg->payload_len, overlap);
+ "%" PRIu32 ", seg->payload_len %"PRIu32" list_seg->seq "
+ "%" PRIu32 ", list_seg->payload_len %" PRIu32 " overlap is"
+ " %" PRIu32 "", seg->seq, list_seg->seq,
+ list_seg->payload_len, overlap, seg->payload_len);
 }
 
 if (overlap > 0) {
@@ -654,8 +655,7 @@ static int HandleSegmentStartsBeforeListSegment(TcpStream *stream,
 copy_len);
 
 /* copy the part after list_seg */
- copy_len = packet_length - ((list_seg->seq +
- list_seg->payload_len) - seg->seq);
+ copy_len = packet_length - list_seg->payload_len;
 StreamTcpSegmentDataReplace(new_seg, seg, (list_seg->seq +
 list_seg->payload_len), copy_len);
 
@@ -1537,10 +1537,10 @@ void StreamTcpSegmentDataReplace(TcpSegment *dst_seg, TcpSegment *src_seg,
 dst_pos = dst_seg->seq - start_point;
 }
 
- BUG_ON(len + dst_pos > dst_seg->payload_len);
+ BUG_ON(((len + dst_pos) - 1) > dst_seg->payload_len);
 
 for (seq = start_point; SEQ_LT(seq, (start_point + len)); seq++) {
- if (dst_pos >= dst_seg->payload_len)
+ if (dst_pos > dst_seg->payload_len)
 abort();
 
 dst_seg->payload[dst_pos] = src_seg->payload[s_cnt];
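Review bot: The argument list of the rewritten SCLogDebug call in the first hunk (HandleSegmentStartsBeforeListSegment, around line 495) no longer lines up with its format string. The text now labels seg->seq, seg->payload_len, list_seg->seq, list_seg->payload_len and overlap in that order, but `seg->payload_len` is passed last, so every value after the first is printed under the wrong label. This is the message someone will read when debugging overlap handling, so the arguments should follow the format: `seg->seq, seg->payload_len, list_seg->seq,` then `list_seg->payload_len, overlap);`. The enclosing function starts and ends outside the hunk.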
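Review bot: The new `copy_len = packet_length - list_seg->payload_len;` in the second hunk (around line 655) is passed straight to StreamTcpSegmentDataReplace as a copy length, with no visible check that it stays within the bytes seg holds past the end of list_seg. The removed expression also subtracted the offset `list_seg->seq - seg->seq`; whether dropping that term is correct depends on how packet_length is computed, which is outside the hunk. Segment sequence numbers and lengths come from network traffic, so I would state the intended invariant in a comment and bound the value before the call, for example against `(seg->seq + seg->payload_len) - (list_seg->seq + list_seg->payload_len)`. The subtraction should also be guarded so it cannot wrap if `list_seg->payload_len` exceeds `packet_length`.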
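Review bot: Both relaxed checks in the StreamTcpSegmentDataReplace hunk now admit an index equal to `dst_seg->payload_len`. With `if (dst_pos > dst_seg->payload_len)`, the write `dst_seg->payload[dst_pos]` can land one byte past the payload, assuming payload holds exactly payload_len bytes, which the hunk does not show. In a reassembler fed by untrusted TCP segments, that turns a clean abort into silent memory corruption. I would keep the original `BUG_ON(len + dst_pos > dst_seg->payload_len);` and `if (dst_pos >= dst_seg->payload_len)` and correct the length the caller passes instead; `(len + dst_pos) - 1` may also wrap when both are zero if the operands are unsigned. The function body continues outside the hunk, and no bound on `s_cnt` against `src_seg->payload_len` is visible here.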