From 1ac6dfe34e17454ce299c44cb0c426f6fdd09073 Mon Sep 17 00:00:00 2001
From: Daniel Richard G
Date: Tue, 27 Jun 2017 19:23:15 -0400
Subject: [PATCH] Reset image-ring cursors to zero on image-ring resize; fixes #365

This fixes an array overrun reported in #365. Also added an assertion to check the spot where the overrun occurred.
---
 motion.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/motion.c b/motion.c
index e0e28e3f..f0633b71 100644
--- a/motion.c
+++ b/motion.c
@@ -128,6 +128,9 @@ static void image_ring_resize(struct context *cnt, int new_size)
 cnt->current_image = NULL;
 cnt->imgs.image_ring_size = new_size;
+
+ cnt->imgs.image_ring_in = 0;
+ cnt->imgs.image_ring_out = 0;
 }
 }
 }
@@ -581,6 +584,7 @@ static void process_image_ring(struct context *cnt, unsigned int max_images)
 /* If image is flaged to be saved and not saved yet, process it */
 do {
 /* Check if we should save/send this image, breakout if not */
+ assert(cnt->imgs.image_ring_out < cnt->imgs.image_ring_size);
 if ((cnt->imgs.image_ring[cnt->imgs.image_ring_out].flags & (IMAGE_SAVE | IMAGE_SAVED)) != IMAGE_SAVE) break;
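Review bot: The two cursor resets in image_ring_resize carry no explanation of why they belong here, and the next reader will not connect them to the overrun; a one-line comment above them would, e.g. `/* The ring storage was just resized: the old in/out indexes may exceed new_size and must not be reused (#365) */`. Zeroing both cursors also discards whatever position the ring was tracking at that moment; if this path can be reached while images are still flagged for saving, that loss deserves a sentence in the same comment, but it cannot be confirmed from this hunk. image_ring_resize's body begins outside the hunk.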
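Review bot: The added assert() in process_image_ring is compiled out under NDEBUG, so in a release build the out-of-bounds index this commit is fixing (#365) is unchecked again, and in a debug build it aborts the whole daemon on a single bad index; a runtime guard that leaves the loop, `if (cnt->imgs.image_ring_out >= cnt->imgs.image_ring_size) break;` preceded by a line through the project's logging facility, would keep the protection where it matters. The diffstat lists four insertions and all four are visible in these hunks, so no `#include <assert.h>` was added; unless motion.c already includes it, the build relies on a transitive include. The check also covers only image_ring_out, while image_ring_in presumably indexes the same array elsewhere and is not guarded by this commit. process_image_ring's body begins and ends outside the hunk.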