Bug 10800 - Array index out of bounds in smbtorture
Summary: Array index out of bounds in smbtorture
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: smbtorture (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-06 16:31 UTC by herwin
Modified: 2016-07-29 00:01 UTC (History)
1 user (show)

See Also:

Attachments
patch (439 bytes, patch)
2014-09-06 16:32 UTC, herwin 		no flags Details
Alternative patch (1.17 KB, patch)
2014-09-07 19:11 UTC, Volker Lendecke 		metze: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description herwin 2014-09-06 16:31:31 UTC 
In torture/smb2/dir.c method test_modify_search an array of 702 elements is defined, which means the entries are accessible on indexes 0 to 701. Later in this method, the index 702 is used.

The patch is pretty simple: enlarge the buffer with 1.
Comment 1 herwin 2014-09-06 16:32:09 UTC 
Created attachment 10261 [details]
patch
Comment 2 Volker Lendecke 2014-09-07 19:11:52 UTC 
Created attachment 10263 [details]
Alternative patch

Thanks, entirely correct. I'd prefer this version though to couple the array sizes. Ok?
Comment 3 herwin 2014-09-07 19:40:31 UTC 
@volker: I'm sure if you were targetting me, but in any case: I'm completely fine with using your version (I think that one is cleaner)
Comment 4 Stefan Metzmacher 2014-09-08 07:54:05 UTC 
Comment on attachment 10263 [details]
Alternative patch

Looks good, please push to master with reviewed-by: me
Comment 5 Andrew Bartlett 2016-07-29 00:01:56 UTC 
Fixed in master with abe499be569c9087f007331d3ac2e48cea0e2cae