search

bzznectar / nectar

Decentralised tokenomics layer of the Nectar for Swarm network
https://docs.bzznectar.org/docs/
7 stars 1 forks source link

speedtest missing a -1, potential index out of range #5

Closed ldeffenb closed 2 years ago

ldeffenb commented 2 years ago

While perusing the source code I noticed the following fragment from pkg/tools/speedtest.go:

    if SIndex > (len(s.Servers) - 1) {
        SIndex = len(s.Servers)
    }
    if len(s.Servers) < 1 {
        return nil, errorf("can't not find server,please check net")
    }
    return &s.Servers[SIndex], nil

I believe the assignment inside the original if is missing a -1. Say SIndex is 3 due to retries. And len(s.Servers) is also 3. The if will fire because 3 > 3-1, but SIndex will be set to 3. The return statement will fail because the valid indices for a len() of 3 is 0..2 but it will attempt to reference s.Servers[3].

https://github.com/bzznectar/nectar/blob/87ca581552f007b345d7c7cf08292f07bcf3681f/pkg/tools/speedtest.go#L299

bzznectar commented 2 years ago

thanks @ldeffenb ,already fixed