From a155daaa65c8727cc387360b0e9a91bf5d8ecf5d Mon Sep 17 00:00:00 2001
|
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
Date: Tue, 4 Jul 2017 15:46:49 +0200
|
|
Subject: [PATCH] ldb: Fix index out of bound in ldb_msg_find_common_values
|
|
|
|
cmocka unit test failed on i386
|
|
[==========] Running 2 test(s).
|
|
[ RUN ] test_ldb_msg_find_duplicate_val
|
|
[ OK ] test_ldb_msg_find_duplicate_val
|
|
[ RUN ] test_ldb_msg_find_common_values
|
|
[ FAILED ] test_ldb_msg_find_common_values
|
|
[==========] 2 test(s) run.
|
|
[ ERROR ] --- 0x14 != 0
|
|
[ LINE ] --- ../tests/ldb_msg.c:266: error: Failure!
|
|
[ PASSED ] 1 test(s).
|
|
[ FAILED ] 1 test(s), listed below:
|
|
[ FAILED ] test_ldb_msg_find_common_values
|
|
1 FAILED TEST(S)
|
|
|
|
But we were just lucky on other platforms because there is
|
|
index out of bound according to valgrind error.
|
|
|
|
==3298== Invalid read of size 4
|
|
==3298== at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95)
|
|
==3298== by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266)
|
|
==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
|
|
==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
|
|
==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
|
|
==3298== by 0x1089B7: main (ldb_msg.c:352)
|
|
==3298== Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd
|
|
==3298== at 0x483223E: malloc (vg_replace_malloc.c:299)
|
|
==3298== by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9)
|
|
==3298== by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245)
|
|
==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
|
|
==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
|
|
==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
|
|
==3298== by 0x1089B7: main (ldb_msg.c:352)
|
|
---
|
|
lib/ldb/common/ldb_msg.c | 10 +---------
|
|
1 file changed, 1 insertion(+), 9 deletions(-)
|
|
|
|
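--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -262,20 +262,12 @@ int ldb_msg_find_common_values(struct ldb_context *ldb,
 n_values = el->num_values;
 i = 0;
 j = 0;
- while (i != n_values) {
+ while (i != n_values && j < el2->num_values) {
 int ret = ldb_val_cmp(&values[i], &values2[j]);
 if (ret < 0) {
 i++;
 } else if (ret > 0) {
 j++;
- if (j == el2->num_values) {
- /*
- We have walked past the end of the second
- list, meaning the remainder of the first
- list cannot collide and we're done.
- */
- break;
- }
 } else {
 /* we have a collision */
 if (! remove_duplicates) {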
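Review bot: The new loop guard bounds `j` with `<` but still bounds `i` with `!=`, so the read of `values[i]` stays in range only while nothing ever moves `i` past `n_values`; writing `while (i < n_values && j < el2->num_values) {` makes both indexes fail closed. The collision branch continues outside the hunk, so whether it changes `i`, `j` or `n_values` cannot be confirmed from here. The deleted comment was the only explanation of why the walk may stop early, and a one-line replacement above the loop, such as `/* stop as soon as either list is exhausted: no further collision is possible */`, would keep that reasoning next to the guard. Since the commit message shows the heap over-read surfaced only as an i386 test failure and a valgrind report, running this cmocka test under valgrind or a sanitizer build would catch a regression on platforms where the stray read happens to compare equal.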
|
|
--
|
|
2.13.0
|
|
|