The Samba-Bugzilla – Attachment 13369 Details for Bug 12900: index out of bound in ldb_msg_find_common_values
[patch] patch avoiding the out-of-bounds error
0001-ldb-Fix-index-out-of-bound-in-ldb_msg_find_common_va.patch (text/plain), 2.85 KB, created by Douglas Bagnall on 2017-07-13 04:36:59 UTC
>From 6911387d3f33136a676df495ad069165bd7d9eea Mon Sep 17 00:00:00 2001
>From: Lukas Slebodnik <lslebodn@redhat.com>
>Date: Tue, 4 Jul 2017 15:46:49 +0200
>Subject: [PATCH 1/3] ldb: Fix index out of bound in ldb_msg_find_common_values
>
>cmocka unit test failed on i386
>[==========] Running 2 test(s).
>[ RUN ] test_ldb_msg_find_duplicate_val
>[ OK ] test_ldb_msg_find_duplicate_val
>[ RUN ] test_ldb_msg_find_common_values
>[ FAILED ] test_ldb_msg_find_common_values
>[==========] 2 test(s) run.
>[ ERROR ] --- 0x14 != 0
>[ LINE ] --- ../tests/ldb_msg.c:266: error: Failure!
>[ PASSED ] 1 test(s).
>[ FAILED ] 1 test(s), listed below:
>[ FAILED ] test_ldb_msg_find_common_values
> 1 FAILED TEST(S)
>
>But we were just lucky on other platforms because there is
>index out of bound according to valgrind error.
>
>==3298== Invalid read of size 4
>==3298== at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95)
>==3298== by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266)
>==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
>==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
>==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
>==3298== by 0x1089B7: main (ldb_msg.c:352)
>==3298== Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd
>==3298== at 0x483223E: malloc (vg_replace_malloc.c:299)
>==3298== by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9)
>==3298== by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245)
>==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
>==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
>==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
>==3298== by 0x1089B7: main (ldb_msg.c:352)
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=12900
> >Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 963d9f12f902ae266a8c7edbf4249090de46173b) >--- > lib/ldb/common/ldb_msg.c | 10 +--------- > 1 file changed, 1 insertion(+), 9 deletions(-) > >diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c >index abad5a8..8e4047b 100644 >--- a/lib/ldb/common/ldb_msg.c >+++ b/lib/ldb/common/ldb_msg.c >@@ -262,20 +262,12 @@ int ldb_msg_find_common_values(struct ldb_context *ldb, > n_values = el->num_values; > i = 0; > j = 0; >- while (i != n_values) { >+ while (i != n_values && j < el2->num_values) { > int ret = ldb_val_cmp(&values[i], &values2[j]); > if (ret < 0) { > i++; > } else if (ret > 0) { > j++; >- if (j == el2->num_values) { >- /* >- We have walked past the end of the second >- list, meaning the remainder of the first >- list cannot collide and we're done. >- */ >- break; >- } > } else { > /* we have a collision */ > if (! remove_duplicates) { >-- >2.7.4 >
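Review bot: The new loop header `while (i != n_values && j < el2->num_values)` guards the two indexes differently: `j` is bounded with `<` but `i` still uses `!=`, so the first-list bound only holds if `i` never steps past `n_values` by more than one. Writing `i < n_values` as well would make both bounds fail closed, which matters because the failure being fixed is an invalid read in `ldb_val_cmp` past the end of an array. The hunk also deletes the only comment explaining why the walk may stop once the second list is exhausted (the remainder of the first list cannot collide); a one-line comment above the loop condition would keep that reasoning next to the check that now relies on it.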