authorFred Sundvik <fsundvik@gmail.com>2024-02-05 14:39:29 +0200
committerFred Sundvik <fsundvik@gmail.com>2024-02-06 01:07:54 +0200
commitd6483793e1c3e337e33b53452c0e0249107d099b (patch)
treeafaf6a74e98703d2871694dbf730fa1b8bf92809
parentcbb7632aa0168b6b69f17ec2f97aa3c30eb58553 (diff)
fix: buffer overrun in lmpack_session_receive
The offset was not taken into account when calculating the remaining buffer size.
-rw-r--r--src/mpack/lmpack.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/mpack/lmpack.c b/src/mpack/lmpack.c
index ff21e29789..4ce4b5f3e5 100644
--- a/src/mpack/lmpack.c
+++ b/src/mpack/lmpack.c
@@ -882,7 +882,9 @@ static int lmpack_session_receive(lua_State *L)
luaL_argcheck(L, (size_t)startpos <= len, 3,
"start position must be less than or equal to the input string length");
- str += (size_t)startpos - 1;
+ size_t offset = (size_t)startpos - 1 ;
+ str += offset;
+ len -= offset;
if (session->unpacker != LUA_REFNIL) {
lmpack_geti(L, session->reg, session->unpacker);
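Review bot: `size_t offset = (size_t)startpos - 1 ;` wraps to a huge value if `startpos` is ever 0 or negative, and the only guard visible in this hunk is the upper bound `(size_t)startpos <= len`. The new `len -= offset` is therefore correct only if a lower-bound check sits above the hunk, which it presumably does, since the function starts outside the hunk. I would record that invariant where it is relied on, e.g. `/* startpos is 1-based and validated to [1, len] above, so offset < len and len cannot underflow */`, and drop the stray space before the semicolon. Since the commit fixes a buffer overrun on a caller-supplied string, a regression test that passes a start position greater than 1 together with a truncated message would keep the length adjustment from being lost in a later refactor.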