Bug 11603 - Integer overflow during tdb operations
Status: NEW
Product: TDB
Classification: Unclassified
Component: libtdb
All All
: P5 normal
Assigned To: Samba QA Contact
Samba QA Contact
Reported: 2015-11-16 00:03 UTC by Andrew Bartlett
Modified: 2015-12-17 02:35 UTC

patch for master (4.22 KB, patch)
2015-11-16 00:04 UTC, Andrew Bartlett
abartlet: review? (jra)

Description Andrew Bartlett 2015-11-16 00:03:19 UTC
While testing ldbsearch with american fuzzy lop, I found these integer overflows in TDB, showing up mostly as short records in the subsequent ldb_parse().  The attached patches appear to address those. 

Careful review by a TDB developer most welcome.

Not assigned to the TDB product because we don't have a 'core samba developers group' there.
Comment 1 Andrew Bartlett 2015-11-16 00:04:10 UTC
Created attachment 11599
patch for master