In items.c, a buffer overrun may occur due to incorrect calculation.
7. cond_between: Checking sid > 200U implies that sid has the value which is
between 1 and 200 (inclusive) on the false branch.
926 if (!safe_strtoul(p, &sid) || sid < POWER_SMALLEST
8. overrun-local: Overrunning array tocrawl of 200 bytes at byte offset 200
using index sid (which evaluates to 200).
932 tocrawl[sid] = 1;
Thanks,
Original issue reported on code.google.com by MegaMan...@gmail.com on 23 Dec 2014 at 1:44
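The off-by-one described in the report, next to a bounds check derived from the array size. This is an added example, not memcached's code and not the project's fix; `CRAWL_SLOTS`, `SID_SMALLEST`, `sid_ok_reported`, `sid_ok_fixed`, `mark_ids` and the comma-separated input format are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define CRAWL_SLOTS 200   /* tocrawl is 200 bytes in the report (hypothetical name) */
#define SID_SMALLEST 1    /* lower bound implied by "between 1 and 200" (hypothetical name) */

/* Check as the report describes it: only sid > 200 is rejected, so 200 passes. */
int sid_ok_reported(unsigned long sid) {
    return !(sid < SID_SMALLEST || sid > CRAWL_SLOTS);
}

/* Hardened check: the last valid index of a 200-byte array is 199. */
int sid_ok_fixed(unsigned long sid) {
    return sid >= SID_SMALLEST && sid < CRAWL_SLOTS;
}

/* Parse a comma-separated id list (constructed input format) and mark each id
 * in tocrawl. Returns the number of ids accepted, or -1 on the first bad id. */
int mark_ids(const char *list, unsigned char tocrawl[CRAWL_SLOTS]) {
    const char *p = list;
    int marked = 0;

    memset(tocrawl, 0, CRAWL_SLOTS);
    while (*p != '\0') {
        char *end;
        errno = 0;
        unsigned long sid = strtoul(p, &end, 10);
        /* Reject overflow, empty fields and trailing garbage. */
        if (errno != 0 || end == p || (*end != ',' && *end != '\0'))
            return -1;
        /* Validate the index before it is used to write into the array. */
        if (!sid_ok_fixed(sid))
            return -1;
        tocrawl[sid] = 1;
        marked++;
        p = (*end == ',') ? end + 1 : end;
    }
    return marked;
}
```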