gnrc_pktbuf_static.c: fix overflow in gnrc_pktbuf_realloc_data

This patch fixes overflow, which is caused by (pkt->size - aligned_size). This happens if pkt->size and new size are unaligned and the difference between pkt->size and new size is less than four.

gnrc_pktbuf_static.c: fix overflow in gnrc_pktbuf_realloc_data
2f94d669 · Johann Fischer · 26f9f7fa · 2f94d669
Commit 2f94d669 authored 9 years ago by Johann Fischer
--- a/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
+++ b/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
@@ -179,8 +179,10 @@ int gnrc_pktbuf_realloc_data(gnrc_pktsnip_t *pkt, size_t size)
        pkt->data = new_data;
    }
    else {
-        _pktbuf_free(((uint8_t *)pkt->data) + aligned_size,
+        if (_align(pkt->size) > aligned_size) {
-                     pkt->size - aligned_size);
+            _pktbuf_free(((uint8_t *)pkt->data) + aligned_size,
+                         pkt->size - aligned_size);
+        }
    }
    pkt->size = size;
    mutex_unlock(&_mutex);