diff options
author | Alan Somers <asomers@gmail.com> | 2013-10-15 13:06:06 -0700 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2013-10-15 13:06:54 -0700 |
commit | 26228ed701870a3625a41f798359d4e550b248b8 (patch) | |
tree | ab024d11d8759cabae8bac0094fbef49c62f4aef | |
parent | 8b43d724535ed5b14ee17d3ab6177f8eb3460e68 (diff) | |
download | ceph-26228ed701870a3625a41f798359d4e550b248b8.tar.gz |
ceph-dencoder: select_generated() should properly validate its input
If m_list.size() == 0, then calling select_generated(0) will result in
uninitialized data being assigned to m_object, which will cause a segfault
down the road. This patch fixes that.
To Reproduce:
$ ceph-dencoder type MWatchNotify select_test 0 encode decode
Segmentation fault (core dumped)
After the patch:
$ ./ceph-dencoder type MWatchNotify select_test 0 encode decode
error: invalid id for generated object
$ echo $?
1
Fixes: #6510
Signed-off-by: Alan Somers <asomers@gmail.com>
-rw-r--r-- | src/test/encoding/ceph_dencoder.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/test/encoding/ceph_dencoder.cc b/src/test/encoding/ceph_dencoder.cc index 81abcd1de9e..dbed6f524d8 100644 --- a/src/test/encoding/ceph_dencoder.cc +++ b/src/test/encoding/ceph_dencoder.cc @@ -93,7 +93,7 @@ public: // allow 0- or 1-based (by wrapping) if (i == 0) i = m_list.size(); - if (i > m_list.size()) + if ((i == 0) || (i > m_list.size())) return "invalid id for generated object"; typename list<T*>::iterator p = m_list.begin(); for (i--; i > 0 && p != m_list.end(); ++p, --i) ; @@ -177,7 +177,7 @@ public: // allow 0- or 1-based (by wrapping) if (i == 0) i = m_list.size(); - if (i > m_list.size()) + if ((i == 0) || (i > m_list.size())) return "invalid id for generated object"; typename list<T*>::iterator p = m_list.begin(); for (i--; i > 0 && p != m_list.end(); ++p, --i) ; |