[erlang-bugs] Bug in ei_decode_fun

Paul Guyot pguyot@REDACTED
Fri Oct 3 16:16:29 CEST 2008


Hello,

There is a bug in ei_decode_fun, decode_fun.c, line 106.

	n = n - (s - s0) + 1;
	if (p != NULL) {
	    p->free_var_len = n;
	    if (n > 0) {
		p->free_vars = malloc(n); /* FIXME check result */
		memcpy(p->free_vars, s, n);
	    }
	}
	*index += s-s0;			<--- this is line 106
	return 0;

The buffer cursor is incremented by s0 (start) - s (cursor before the  
freevars). It should be incremented by n as well:

	*index += n + s-s0;

Regards,

Paul
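
The cursor bug reported in this message, reproduced on a simplified model as an added example (not code from erl_interface or from the original post): the record layout, toy_fun, toy_decode_fun, toy_decode_all and the sample bytes are all constructed for illustration. It shows that without adding n the next decode starts inside the free variables, and it includes the malloc check the FIXME asks for plus a bounds check on n.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified record (not the real external term format):
 *   tag 'F' | size (1 byte, counts itself and all that follows) | arity | free vars */
typedef struct { int arity; long free_var_len; char *free_vars; } toy_fun;

/* advance_past_free_vars = 0 reproduces the reported cursor bug, 1 applies the fix. */
static int toy_decode_fun(const char *buf, long buflen, long *index,
                          toy_fun *p, int advance_past_free_vars)
{
    const char *s0 = buf + *index, *s = s0;
    long n;
    if (*index < 0 || buflen - *index < 3 || *s++ != 'F') return -1;
    n = (unsigned char)*s++;              /* size field */
    p->arity = (unsigned char)*s++;
    n = n - (s - s0) + 1;                 /* bytes of free vars still unread */
    if (n < 0 || n > buflen - *index - (s - s0)) return -1;  /* stay inside buf */
    p->free_var_len = n;
    p->free_vars = NULL;
    if (n > 0) {
        p->free_vars = malloc((size_t)n);
        if (p->free_vars == NULL) return -1;   /* allocation result is checked */
        memcpy(p->free_vars, s, (size_t)n);
    }
    *index += (advance_past_free_vars ? n : 0) + (s - s0);
    return 0;
}

/* Decode every record in buf; returns the count, or -1 on the first failure. */
static int toy_decode_all(const char *buf, long buflen, int fixed)
{
    long index = 0;
    int count = 0;
    while (index < buflen) {
        toy_fun f;
        if (toy_decode_fun(buf, buflen, &index, &f, fixed) != 0) return -1;
        free(f.free_vars);
        count++;
    }
    return count;
}

/* Constructed sample: two records, free vars "ab" and "xyz". */
static const char sample[] = { 'F', 4, 1, 'a', 'b', 'F', 5, 2, 'x', 'y', 'z' };
int main(void)
{   /* fixed: both records decode; buggy: second decode starts at 'a' and fails */
    return !(toy_decode_all(sample, sizeof sample, 1) == 2 &&
             toy_decode_all(sample, sizeof sample, 0) == -1);
}
```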



