[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8685) Invalid memory access
leitao@debian.org wrote:
> Full_Name: Breno Leitao
> Version: upstream
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (32.104.18.202)
>
>
> Currently, do_random() function in tests/progs/slapd-mtread.c uses a random
> number (upto RAND_MAX) to access an array that is much smaller than RAND_MAX,
> causing a segfault.
>
> This causes a segmentation fault and more details could be found at
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866122
>
>
Thanks for the report. I've examined your proposed patch in your debian
bugtracker. It doesn't make much sense though.
The random number is being correctly scaled, line 682:
int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0);
Which means the value of r can only be from 0 to nvalues-1.
And there should be no difference between nvalues and i, since on line 657:
nvalues = ldap_count_entries( ld, res );
Since i is simply iterated through all of the entries in the response, the two
values cannot disagree.
Finally, such a simple bug as your patch suggests would have crashed long ago
on every other machine/OS, and it has never done so. I don't believe you've
identified the actual bug.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/