[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8685) Invalid memory access

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8685) Invalid memory access
From: hyc@symas.com
Date: Thu, 06 Jul 2017 19:55:12 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

leitao@debian.org wrote:
> Full_Name: Breno Leitao
> Version: upstream
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (32.104.18.202)
> 
> 
> Currently, do_random() function in tests/progs/slapd-mtread.c uses a random
> number (upto RAND_MAX) to access an array that is much smaller than RAND_MAX,
> causing a segfault.
> 
> This causes a segmentation fault and more details could be found at
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866122
> 
> 
Thanks for the report. I've examined your proposed patch in your debian 
bugtracker. It doesn't make much sense though.

The random number is being correctly scaled, line 682:

int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0);

Which means the value of r can only be from 0 to nvalues-1.

And there should be no difference between nvalues and i, since on line 657:

nvalues = ldap_count_entries( ld, res );

Since i is simply iterated through all of the entries in the response, the two 
values cannot disagree.

Finally, such a simple bug as your patch suggests would have crashed long ago 
on every other machine/OS, and it has never done so. I don't believe you've 
identified the actual bug.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#8685) Invalid memory access
Next by Date: Re: (ITS#8685) Invalid memory access
Index(es):
- Chronological
- Thread