Re: (ITS#8685) Invalid memory access

leitao@debian.org wrote:
> Full_Name: Breno Leitao
> Version: upstream
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Currently, do_random() function in tests/progs/slapd-mtread.c uses a random
> number (up to RAND_MAX) to access an array that is much smaller than RAND_MAX,
> causing a segfault.
> This causes a segmentation fault and more details could be found at
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866122

Thanks for the report. I've examined your proposed patch in your Debian
bugtracker. It doesn't make much sense though.

The random number is being correctly scaled, line 682:

int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0);

Which means the value of r can only be from 0 to nvalues-1.

And there should be no difference between nvalues and i, since on line 657:

nvalues = ldap_count_entries( ld, res );

Since i is simply iterated through all of the entries in the response, the two 
values cannot disagree.

Finally, such a simple bug as your patch suggests would have crashed long ago 
on every other machine/OS, and it has never done so. I don't believe you've 
identified the actual bug.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
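
The scaling expression quoted from line 682, checked at the extremes of rand(), as an added example that is not part of the original message or of slapd-mtread.c. The names scale_index, pick_index and bounds_hold are hypothetical, and the nvalues <= 0 guard is an assumption about how a caller might treat an empty or failed count (ldap_count_entries() returns -1 on error).

```c
#include <stdio.h>
#include <stdlib.h>

/* Same arithmetic as the quoted line 682, with the rand() result passed in
 * as `raw` so the extremes can be exercised deterministically. */
static int scale_index(int nvalues, int raw)
{
    return (int)(((double)nvalues) * raw / (RAND_MAX + 1.0));
}

/* Hypothetical wrapper: the "0 to nvalues-1" range is empty unless
 * nvalues >= 1, so report -1 instead of handing back an index. */
static int pick_index(int nvalues, int raw)
{
    if (nvalues <= 0)
        return -1;
    return scale_index(nvalues, raw);
}

/* Returns 1 if every probed rand() value maps into [0, nvalues-1]. */
static int bounds_hold(int nvalues)
{
    const int probes[] = { 0, 1, RAND_MAX / 2, RAND_MAX - 1, RAND_MAX };
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int r = scale_index(nvalues, probes[i]);
        if (r < 0 || r >= nvalues)
            return 0;
    }
    return 1;
}

int main(void)
{
    const int sizes[] = { 1, 2, 10, 1000, 1000000 };   /* constructed sample sizes */
    size_t i;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("nvalues=%d max index=%d in range=%d\n", sizes[i],
               scale_index(sizes[i], RAND_MAX), bounds_hold(sizes[i]));

    /* With no entries the raw expression still yields 0; the guard yields -1. */
    printf("nvalues=0 raw=%d guarded=%d\n",
           scale_index(0, RAND_MAX), pick_index(0, RAND_MAX));
    return 0;
}
```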