From 045d70a5450daa85aa5564b6e9f93065c342ab12 Mon Sep 17 00:00:00 2001 From: Vijay Bellur Date: Tue, 14 Aug 2018 15:36:00 -0700 Subject: debug/error-gen: Fix null deref and out of bounds read issues Addresses CID: 1124492, 1124700, 1124701 Change-Id: If9916df1b0a4e67ad74fe0f6ea6f2544598ddacb updates: bz#789278 Signed-off-by: Vijay Bellur --- xlators/debug/error-gen/src/error-gen.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'xlators/debug/error-gen/src/error-gen.c') diff --git a/xlators/debug/error-gen/src/error-gen.c b/xlators/debug/error-gen/src/error-gen.c index f5180e59499..7ad2a0bd9fc 100644 --- a/xlators/debug/error-gen/src/error-gen.c +++ b/xlators/debug/error-gen/src/error-gen.c @@ -193,8 +193,11 @@ int generate_rand_no (int op_no) { int rand_no = 0; + int error_no_list_size = 0; - if (op_no < GF_FOP_MAXVALUE) + error_no_list_size = sizeof(error_no_list)/sizeof(error_no_list[0]); + + if (op_no < error_no_list_size) /* coverity[DC.WEAK_CRYPTO] */ rand_no = rand () % error_no_list[op_no].error_no_count; return rand_no; @@ -266,6 +269,7 @@ error_gen (xlator_t *this, int op_no) int rand_no = 0; int ret = 0; gf_boolean_t should_err = _gf_false; + int error_no_list_size = 0; egp = this->private; @@ -304,12 +308,13 @@ error_gen (xlator_t *this, int op_no) } } + error_no_list_size = sizeof(error_no_list)/sizeof(error_no_list[0]); if (should_err) { if (error_no_int) ret = error_no_int; else { rand_no = generate_rand_no (op_no); - if (op_no >= GF_FOP_MAXVALUE) + if (op_no >= error_no_list_size) op_no = 0; if (rand_no >= error_no_list[op_no].error_no_count) rand_no = 0; -- cgit