Subject: Re: [PATCH 2/5] Fix integer shift overflow if both tcp_socket and udp_socket are set

From: David Drysdale <drysdale_at_google.com>
Date: Tue, 30 Sep 2014 17:18:10 +0100

Ah, thanks for explaining, makes perfect sense now.

On Sun, Sep 28, 2014 at 9:19 PM, Gregor Jasny <gjasny_at_googlemail.com> wrote:

> The problem occurs if at the start of the loop the sockindex is at the
> last valid ARES_GETSOCK_MAXNUM position. If then both udp_socket and
> tcp_socket are valid, sockindex gets incremented for UDP first and
> points one entry behind the array for the tcp block.
> So the fix is to check after every increment of sockindex if it is still
> valid.
>
> Fix Coverity error CID 56878
>
> Signed-off-by: Gregor Jasny <gjasny_at_googlemail.com>
> ---
> ares_getsock.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/ares_getsock.c b/ares_getsock.c
> index 07d2854..22d3446 100644
> --- a/ares_getsock.c
> +++ b/ares_getsock.c
> @@ -30,9 +30,7 @@ int ares_getsock(ares_channel channel,
> /* Are there any active queries? */
> int active_queries = !ares__is_list_empty(&(channel->all_queries));
>
> - for (i = 0;
> - (i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
> - i++)
> + for (i = 0; i < channel->nservers; i++)
> {
> server = &channel->servers[i];
> /* We only need to register interest in UDP sockets if we have
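
Review bot: dropping `sockindex < ARES_GETSOCK_MAXNUM` from the for condition leaves the two in-block checks as the only guard on socks[sockindex], so the loop header no longer shows the array bound. Add a short comment above the loop stating that every block that stores into socks[] must check sockindex itself before the store, so that a block added to the loop body later does not reintroduce the overrun.
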
> @@ -40,7 +38,7 @@ int ares_getsock(ares_channel channel,
> */
> if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
> {
> - if(sockindex >= numsocks)
> + if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
> break;
> socks[sockindex] = server->udp_socket;
> bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
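
Review bot: the combined test in the UDP block, `if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)`, is repeated verbatim in the TCP block, and the two copies can drift apart. Consider computing one limit before the loop, the smaller of numsocks and ARES_GETSOCK_MAXNUM, and comparing sockindex against that in both places, which keeps each check as short as the original `if(sockindex >= numsocks)`.
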
> @@ -52,7 +50,7 @@ int ares_getsock(ares_channel channel,
> */
> if (server->tcp_socket != ARES_SOCKET_BAD)
> {
> - if(sockindex >= numsocks)
> + if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
> break;
> socks[sockindex] = server->tcp_socket;
> bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
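
Review bot: the check in the TCP block is the one that handles the case from the commit message, where sockindex has already been advanced by the UDP block in the same iteration, but nothing in the code says so. A one-line comment above `if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)` explaining that sockindex may have moved past the last slot since the UDP check would stop a later cleanup from folding the test back into the loop condition. A regression test with both udp_socket and tcp_socket valid on the server that fills the last slot would also be worth adding.
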
> --
> 1.9.3 (Apple Git-50)
>
>
Received on 2014-09-30