bin/50756: src/sbin/gpt/show.c:117: array index out of range ?

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/50756: src/sbin/gpt/show.c:117: array index out of range ?
From: dcb314%hotmail.com@localhost
Date: Wed, 3 Feb 2016 10:00:00 +0000 (UTC)

>Number:         50756
>Category:       bin
>Synopsis:       src/sbin/gpt/show.c:117: array index out of range ?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 03 10:00:00 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160203
>Organization:
>Environment:
>Description:
[src/sbin/gpt/show.c:117]: (error) Array 'mbr.mbr_part[4]' accessed at index 4, which is out of bounds.

Source code is

        for (i = 0; i < 4; i++) {
            start = le16toh(mbr->mbr_part[i].part_start_hi);
            start = (start << 16) +
                le16toh(mbr->mbr_part[i].part_start_lo);
            if (map_start == p->map_start + start)
                break;
        }
        printf("%d", mbr->mbr_part[i].part_typ);

The code seems to assume success i.e. the break is always executed.

Maybe it would be a good idea to add some code for the failure case i.e.
the loop executes four times without finding what it is looking for.

>How-To-Repeat:

>Fix:

Prev by Date: port-arm/50755: src/sys/arch/arm/omap/omap2430_intr.c:458: array index out of range ?
Next by Date: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
Previous by Thread: port-arm/50755: src/sys/arch/arm/omap/omap2430_intr.c:458: array index out of range ?
Next by Thread: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
Indexes:

Home | Main Index | Thread Index | Old Index