server: Fixed handling of inotify record length.

e979832d · Alexandre Julliard · d815b507 · e979832d
Commit e979832d authored Feb 08, 2006 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

change.c server/change.c +7 -5

No files found.
--- a/server/change.c
+++ b/server/change.c
@@ -416,7 +416,8 @@ static void inotify_do_change_notify( struct dir *dir, struct inotify_event *ie 
    if (dir->want_data)
    {
-        record = malloc( sizeof (*record) + ie->len - 1 ) ;
+        size_t len = strlen(ie->name);
+        record = malloc( offsetof(struct change_record, name[len]) );
        if (!record)
            return;
@@ -426,8 +427,8 @@ static void inotify_do_change_notify( struct dir *dir, struct inotify_event *ie 
            record->action = FILE_ACTION_REMOVED;
        else
            record->action = FILE_ACTION_MODIFIED;
-        memcpy( record->name, ie->name, ie->len );
+        memcpy( record->name, ie->name, len );
-        record->len = strlen( ie->name );
+        record->len = len;
        list_add_tail( &dir->change_records, &record->entry );
    }
@@ -456,13 +457,14 @@ static void inotify_poll_event( struct fd *fd, int event )
        return;
    }
-    for( ofs = 0; ofs < r; )
+    for( ofs = 0; ofs < r - offsetof(struct inotify_event, name); )
    {
        ie = (struct inotify_event*) &buffer[ofs];
        if (!ie->len)
            break;
+        ofs += offsetof( struct inotify_event, name[ie->len] );
+        if (ofs > r) break;
        inotify_do_change_notify( dir, ie );
-        ofs += (sizeof (*ie) + ie->len - 1);
    }
 }