From 6ef0c82222bdae6cf4163b05e2488a582230c5e4 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 6 Dec 2010 13:52:38 +1030 Subject: [PATCH] idtree: fix overflow for v. large ids on allocation and removal (Imported from SAMBA commit 09a6538969ac). Chris Cowan tracked down a SEGV in sub_alloc: idp->level can actually be equal to 7 (MAX_LEVEL) there, as it can be in sub_remove. (We unfairly blamed a shift of a signed var for this crash in commit 2db1987f5a3a). Signed-off-by: Rusty Russell --- lib/util/idtree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/util/idtree.c b/lib/util/idtree.c index 05c22958..09dc237f 100644 --- a/lib/util/idtree.c +++ b/lib/util/idtree.c @@ -104,7 +104,7 @@ static int sub_alloc(struct idr_context *idp, void *ptr, int *starting_id) { int n, m, sh; struct idr_layer *p, *new; - struct idr_layer *pa[MAX_LEVEL]; + struct idr_layer *pa[MAX_LEVEL+1]; unsigned int l, id, oid; uint32_t bm; -- 2.34.1