From cdb79f8a2201071e2e9e050e8d947953eb12b259 Mon Sep 17 00:00:00 2001
From: Michael Davidsaver
Date: Mon, 28 Dec 2015 18:16:01 -0500
Subject: [PATCH] missing buffer capacity check in PVUnion::serialize

Allows a buffer overflow in PVUnionArray::serialize().

(cherry picked from commit 14b0e409f21a7a0cda417734dd2ceab3d6c0e4a2)
---
 src/factory/PVUnion.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/factory/PVUnion.cpp b/src/factory/PVUnion.cpp
index b7102dc..4737bcb 100644
--- a/src/factory/PVUnion.cpp
+++ b/src/factory/PVUnion.cpp
@@ -145,10 +145,10 @@ void PVUnion::serialize(ByteBuffer *pbuffer, SerializableControl *pflusher) cons
 if (variant)
 {
 // write introspection data
- if (value.get() == 0)
+ if (value.get() == 0) {
+ pflusher->ensureBuffer(1);
 pbuffer->put((int8)-1);
- else
- {
+ }else {
 pflusher->cachedSerialize(value->getField(), pbuffer);
 value->serialize(pbuffer, pflusher);
 }
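Review bot: The added `pflusher->ensureBuffer(1);` in the `value.get() == 0` branch carries no comment explaining why this one write needs an explicit reservation, so a later cleanup could drop it again as redundant. Going by the commit message, `pbuffer->put()` does no capacity check of its own, so I would put `// put() does not check capacity: reserve the null-marker byte first` above it. The else branch relies on `cachedSerialize()` and `value->serialize()` to reserve their own space, which is not visible in this hunk and is worth confirming, as is every other direct `put()` in the rest of `PVUnion::serialize`, whose body continues past the hunk. `}else {` also departs from the brace-on-its-own-line layout of the surrounding context; `} else {` or the original layout would read more consistently.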