From: Alan Jenkins Date: Thu, 28 May 2009 16:59:06 +0000 (+0100) Subject: udevd: queue-export - fix crash X-Git-Tag: 174~1024 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=542aeeb48ab002c6136885f99aa23870f8ffa25b;p=systemd udevd: queue-export - fix crash The math in skip_to() was the wrong way round and allocated a variable size array on the stack with a massively negative size. Signed-off-by: Alan Jenkins --- diff --git a/udev/lib/libudev-queue-export.c b/udev/lib/libudev-queue-export.c index ddb1974d..a36ff515 100644 --- a/udev/lib/libudev-queue-export.c +++ b/udev/lib/libudev-queue-export.c @@ -115,8 +115,8 @@ static int skip_to(FILE *file, long offset) /* fseek may drop buffered data, avoid it for small seeks */ old_offset = ftell(file); - if (offset > old_offset && old_offset - offset <= BUFSIZ) { - size_t skip_bytes = old_offset - offset; + if (offset > old_offset && offset - old_offset <= BUFSIZ) { + size_t skip_bytes = offset - old_offset; char buf[skip_bytes]; if (fread(buf, skip_bytes, 1, file) != skip_bytes)