From 902013e4f80faa883dd9131cbdaa7e83c5a11d05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Thu, 29 Jun 2017 22:21:21 +0300
Subject: [PATCH] Fix off-by-one false positive in maxavro

The float and double types were calculated to exceed the internal buffer sizes even though the buffer was of the correct size.
---
 avro/maxavro.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/avro/maxavro.c b/avro/maxavro.c
index c013a3b4e..8523ad307 100644
--- avro/maxavro.c
+++ avro/maxavro.c
@@ -246,12 +246,17 @@ bool maxavro_read_float(MAXAVRO_FILE* file, float *dest)
 {
 bool rval = false;
 
- if (file->buffer_ptr + sizeof(*dest) < file->buffer_end)
+ if (file->buffer_ptr + sizeof(*dest) <= file->buffer_end)
 {
 memcpy(dest, file->buffer_ptr, sizeof(*dest));
 file->buffer_ptr += sizeof(*dest);
 rval = true;
 }
+ else
+ {
+ ss_dassert(!true);
+ MXS_ERROR("Block cannot hold a value of type float");
+ }
 
 return rval;
 }
@@ -280,12 +285,17 @@ bool maxavro_read_double(MAXAVRO_FILE* file, double *dest)
 {
 bool rval = false;
 
- if (file->buffer_ptr + sizeof(*dest) < file->buffer_end)
+ if (file->buffer_ptr + sizeof(*dest) <= file->buffer_end)
 {
 memcpy(dest, file->buffer_ptr, sizeof(*dest));
 file->buffer_ptr += sizeof(*dest);
 rval = true;
 }
+ else
+ {
+ ss_dassert(!true);
+ MXS_ERROR("Block cannot hold a value of type double");
+ }
 
 return rval;
 }
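Review bot: The corrected guard in maxavro_read_float still computes `file->buffer_ptr + sizeof(*dest)` before comparing it with `buffer_end`. When fewer than sizeof(*dest) bytes remain, which is exactly the truncated-block case the check exists for, that pointer lies more than one past the end of the buffer, and forming it is undefined behaviour in C. Comparing the remaining length keeps the arithmetic in bounds, assuming `buffer_ptr` never exceeds `buffer_end`: `if ((size_t)(file->buffer_end - file->buffer_ptr) >= sizeof(*dest))`. The same applies to the maxavro_read_double hunk. Separately, the new else branch in both hunks calls `ss_dassert(!true)` on a condition driven by file contents; if ss_dassert aborts in debug builds, a short or corrupt Avro block would stop the process instead of returning false, so consider keeping only the `MXS_ERROR` call there.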