git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (from parent 1: 4ea1c84)
afsmonitor: Fix multiple NUM_CM_STAT_ENTRIES overflows
authorSimon Wilkinson <sxw@your-file-system.com>
Thu, 28 Feb 2013 17:14:20 +0000 (17:14 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Fri, 1 Mar 2013 00:24:21 +0000 (16:24 -0800)
If an array is n elements long, accessing element array[n] is an
overflow. Fix various places where we apply loop bounds incorrectly
using the NUM_CM_STAT_ENTRIES constant.

Caught by coverity (#985571, #985573)

Change-Id: I24a53e8044d3d5d39d070909400329a82f22b6b9
Reviewed-on: http://gerrit.openafs.org/9316
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/afsmonitor/afsmonitor.c patch | blob | history

diff --git a/src/afsmonitor/afsmonitor.c b/src/afsmonitor/afsmonitor.c
index 722d03b..aec815b 100644 (file)
--- a/src/afsmonitor/afsmonitor.c
+++ b/src/afsmonitor/afsmonitor.c
@@ -1299,8 +1299,8 @@ parse_showEntry(char *a_line)
 
        if (strcasestr(arg2, "_group") != NULL) {
 
-           if (fromIdx < 0 || toIdx < 0 || fromIdx > NUM_CM_STAT_ENTRIES
-               || toIdx > NUM_CM_STAT_ENTRIES)
+           if (fromIdx < 0 || toIdx < 0 || fromIdx >= NUM_CM_STAT_ENTRIES
+               || toIdx >= NUM_CM_STAT_ENTRIES)
                return (-10);
            for (j = fromIdx; j <= toIdx; j++) {
                if (!cm_showFlags[j]) {
@@ -1308,7 +1308,7 @@ parse_showEntry(char *a_line)
                    cm_DisplayItems_count++;
                    cm_showFlags[j] = 1;
                }
-               if (cm_DisplayItems_count > NUM_CM_STAT_ENTRIES) {
+               if (cm_DisplayItems_count >= NUM_CM_STAT_ENTRIES) {
                    fprintf(stderr, "[ %s ] cm_DisplayItems_count ovf\n", rn);
                    return (-11);
                }
@@ -1327,8 +1327,8 @@ parse_showEntry(char *a_line)
 
                if (strcasestr(catName, "_group") != NULL) {
                    if (fromIdx < 0 || toIdx < 0
-                       || fromIdx > NUM_CM_STAT_ENTRIES
-                       || toIdx > NUM_CM_STAT_ENTRIES)
+                       || fromIdx >= NUM_CM_STAT_ENTRIES
+                       || toIdx >= NUM_CM_STAT_ENTRIES)
                        return (-12);
                    for (j = fromIdx; j <= toIdx; j++) {
                        if (!cm_showFlags[j]) {
@@ -1336,7 +1336,7 @@ parse_showEntry(char *a_line)
                            cm_DisplayItems_count++;
                            cm_showFlags[j] = 1;
                        }
-                       if (cm_DisplayItems_count > NUM_CM_STAT_ENTRIES) {
+                       if (cm_DisplayItems_count >= NUM_CM_STAT_ENTRIES) {
                            fprintf(stderr,
                                    "[ %s ] cm_DisplayItems_count ovf\n", rn);
                            return (-13);
OpenAFS Master Repository