[Date Prev][Date Next]
Re: (ITS#8685) Invalid memory access
> Full_Name: Breno Leitao
> Version: upstream
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (18.104.22.168)
> Currently, do_random() function in tests/progs/slapd-mtread.c uses a random
> number (upto RAND_MAX) to access an array that is much smaller than RAND_MAX,
> causing a segfault.
> This causes a segmentation fault and more details could be found at
Thanks for the report. I've examined your proposed patch in your debian
bugtracker. It doesn't make much sense though.
The random number is being correctly scaled, line 682:
int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0);
Which means the value of r can only be from 0 to nvalues-1.
And there should be no difference between nvalues and i, since on line 657:
nvalues = ldap_count_entries( ld, res );
Since i is simply iterated through all of the entries in the response, the two
values cannot disagree.
Finally, such a simple bug as your patch suggests would have crashed long ago
on every other machine/OS, and it has never done so. I don't believe you've
identified the actual bug.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/