bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
From: dcb314%hotmail.com@localhost
Date: Wed, 3 Feb 2016 10:05:00 +0000 (UTC)

>Number:         50757
>Category:       bin
>Synopsis:       src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 03 10:05:00 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160203
>Organization:
>Environment:
>Description:

[src/usr.sbin/sysinst/arch/mac68k/md.c:180]: (error) Array 'new_map[6]' accessed at index 14, which is out of bounds.

Source code is

   for (i=0;i<NEW_MAP_SIZE;i++) {
       if (i > 0)
        new_map[i].pmPyPartStart = new_map[i-1].pmPyPartStart +
            new_map[i-1].pmPartBlkCnt;
       new_map[i].pmDataCnt = new_map[i].pmPartBlkCnt;

but

src/usr.sbin/sysinst/arch/mac68k/md.h:#define NEW_MAP_SIZE 15

and new_map only seems to have six elements in it.

I make the observation that this kind of array index problem
would normally be caught by gcc compiler flag -D_FORTIFY_SOURCE=2.

Maybe this flag doesn't get used in the normal builds ?

>How-To-Repeat:

>Fix:

Prev by Date: bin/50756: src/sbin/gpt/show.c:117: array index out of range ?
Next by Date: toolchain/50758: [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.
Previous by Thread: bin/50756: src/sbin/gpt/show.c:117: array index out of range ?
Next by Thread: Re: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
Indexes:

Home | Main Index | Thread Index | Old Index