浏览代码

Fix heap buffer overflow if exchangeBuffer did not help

see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4496

Credit to oss-fuzz
Stefan Profanter 7 年之前
父节点
当前提交
dd29bac3dc
共有 1 个文件被更改,包括 1 次插入1 次删除
  1. 1 1
      src/ua_types_encoding_binary.c

+ 1 - 1
src/ua_types_encoding_binary.c

@@ -1412,7 +1412,7 @@ UA_encodeBinaryInternal(const void *src, const UA_DataType *type) {
                 ptr -= member->padding + memSize; /* encode the same member in the next iteration */
                 if(ret == UA_STATUSCODE_BADENCODINGLIMITSEXCEEDED || g_pos + memSize > g_end) {
                     /* the send buffer is too small to encode the member, even after exchangeBuffer */
-                    return UA_STATUSCODE_BADENCODINGLIMITSEXCEEDED;
+                    return UA_STATUSCODE_BADRESPONSETOOLARGE;
                 }
                 --i;
             }