From 3805ba3b8ac61cf007fd92226b1ebed0a5828aa2 Mon Sep 17 00:00:00 2001 From: "emellor@leeni.uk.xensource.com" Date: Thu, 17 Nov 2005 12:59:12 +0100 Subject: [PATCH] Correct buffer->size at the same time as buffer->capacity when shrinking down a buffer that has grown beyond max_capacity. This fixes a Xenconsoled segfault that was caused by stomping around above the buffer's allocated region. It became possible to set the max_capacity with changeset 7431, and ever since then we have been exposed to this bug. It would most easily be triggered by running a domain without a client attached to the console, so that the max_capacity was reached more easily. Closes bug #380. Signed-off-by: Ewan Mellor --- tools/console/daemon/io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/console/daemon/io.c b/tools/console/daemon/io.c index 6a9de1b48f..80e76c416e 100644 --- a/tools/console/daemon/io.c +++ b/tools/console/daemon/io.c @@ -114,7 +114,7 @@ static void buffer_append(struct domain *dom) buffer->data, buffer->max_capacity); buffer->data = realloc(buffer->data, buffer->max_capacity); - buffer->capacity = buffer->max_capacity; + buffer->size = buffer->capacity = buffer->max_capacity; } } -- 2.30.2