From d069c980d0f8ab24f3cc73d6870d6989f82e4605 Mon Sep 17 00:00:00 2001
From: jsteube <jens.steube@gmail.com>
Date: Tue, 14 Feb 2017 18:07:33 +0100
Subject: [PATCH] Testfix for CID 1402439 (#1 of 1): Out-of-bounds read

---
 src/rp_cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rp_cpu.c b/src/rp_cpu.c
index bd2eb3d07..808206e2f 100644
--- a/src/rp_cpu.c
+++ b/src/rp_cpu.c
@@ -719,14 +719,14 @@ int _old_apply_rule (char *rule, int rule_len, char in[BLOCK_SIZE], int in_len,
 
       case RULE_OP_MANGLE_APPEND_MEMORY:
         if (mem_len < 1) return (RULE_RC_REJECT_ERROR);
-        if ((out_len + mem_len) > BLOCK_SIZE) return (RULE_RC_REJECT_ERROR);
+        if ((out_len + mem_len) >= BLOCK_SIZE) return (RULE_RC_REJECT_ERROR);
         memcpy (out + out_len, mem, mem_len);
         out_len += mem_len;
         break;
 
       case RULE_OP_MANGLE_PREPEND_MEMORY:
         if (mem_len < 1) return (RULE_RC_REJECT_ERROR);
-        if ((mem_len + out_len) > BLOCK_SIZE) return (RULE_RC_REJECT_ERROR);
+        if ((mem_len + out_len) >= BLOCK_SIZE) return (RULE_RC_REJECT_ERROR);
         memcpy (mem + mem_len, out, out_len);
         out_len += mem_len;
         memcpy (out, mem, out_len);