15923 – samba-4.23.1: 5 * array sanity check in wrong place

Bug 15923 - samba-4.23.1: 5 * array sanity check in wrong place

Summary: samba-4.23.1: 5 * array sanity check in wrong place

Status:	RESOLVED INVALID

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-09-28 14:51 UTC by David Binderman
Modified:	2025-09-29 22:31 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Binderman 2025-09-28 14:51:53 UTC

Static analyser cppcheck says:

1.

samba-4.23.1/lib/texpect/texpect.c:301:15: style: Array index 'i' is used before limits check. [arrayIndexThenCheck]

Source code is

 if (c->str[i] == '\\' && i < len - 1) {

2.

samba-4.23.1/source3/smbd/mangle_hash2.c:368:17: style: Array index 'i' is used before limits check. [arrayIndexThenCheck]

3.

samba-4.23.1/source3/smbd/smb1_message.c:90:11: style: Array index 'i' is used before limits check. [arrayIndexThenCheck]

4.

samba-4.23.1/source4/dsdb/samdb/ldb_modules/password_hash.c:1575:24: style: Array index 'i' is used before limits check. [arrayIndexThenCheck]

5.

samba-4.23.1/source4/ntvfs/posix/pvfs_shortname.c:185:17: style: Array index 'i' is used before limits check. [arrayIndexThenCheck]

Comment 1 Jennifer Sutton 2025-09-28 20:26:45 UTC

(1) is fine because `i < len` is the precondition for the loop.

(2) looks funny but is fine because the string is null‐terminated.

(3) has both checks in the correct places.

(4) also looks a little funny, but works because rp is null‐terminated.

(5) is the same as (2).