[Dnsmasq-discuss] Maybe there is a typo in build_server_array()

Simon Kelley simon at thekelleys.org.uk
Fri Jul 2 15:47:39 UTC 2021


On 01/07/2021 03:06, Xingcong Li wrote:
> Hello, is there a typo in function build_server_array()? (in file
> domain-match.c)
> 
>   for (serv = daemon->servers; serv; serv = serv->next, count++)
> #ifdef HAVE_LOOP
>     if (!(serv->flags & SERV_LOOP))
> #endif
>       {
>         daemon->serverarray[count] = serv;
>         serv->serial = count;
>         serv->last_server = -1;
>       }
>      
> I think the variable count should not increase every time; it should
> increase when the server has no SERV_LOOP flag (see below).
> 
>   for (serv = daemon->servers; serv; serv = serv->next)
> #ifdef HAVE_LOOP
>     if (!(serv->flags & SERV_LOOP))
> #endif
>       {
>         daemon->serverarray[count] = serv;
>         serv->serial = count;
>         serv->last_server = -1;
>         count++;
>       }
> 
> Considering that there are more than 10 servers which have SERV_LOOP,
> reading memory of daemon->serverarray[count] could be out of array bounds.
> 
>   if (count > daemon->serverarrayhwm)
>     {
>       struct server **new;
>       count += 10; /* A few extra without re-allocating. */
>       if ((new = whine_malloc(count * sizeof(struct server *))))
> 
>       ...
>     }
> 
> Correct me if I'm wrong.
> 

You are not wrong. Patch applied, many thanks for spotting this.

Cheers,

Simon.
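
Added example, not part of the original thread and not dnsmasq's own code: a small C model of the index arithmetic discussed above, comparing the highest slot each loop variant would write against the allocation size. It assumes a fresh allocation sized as the number of servers without SERV_LOOP plus the 10 spare slots from the quoted code; `model_fill`, `demo`, the flag value and the server list are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define SERV_LOOP 1u  /* constructed flag value for this model */
#define SLACK 10      /* mirrors "count += 10" in the quoted code */

struct fill_result {
  int capacity;   /* slots allocated: non-loop servers + SLACK (assumed) */
  int max_index;  /* highest index written, -1 if none */
};

/* Model the fill loop on flags[0..n-1] without touching real memory.
   per_iteration != 0: count advances every iteration (original loop).
   per_iteration == 0: count advances only after a store (fixed loop). */
struct fill_result model_fill(const unsigned *flags, size_t n, int per_iteration)
{
  struct fill_result r = { SLACK, -1 };
  int count = 0;
  size_t i;
  for (i = 0; i < n; i++)            /* assumed sizing pass */
    if (!(flags[i] & SERV_LOOP))
      r.capacity++;
  for (i = 0; i < n; i++, count += (per_iteration != 0))
    if (!(flags[i] & SERV_LOOP))
      {
        r.max_index = count;         /* stands for serverarray[count] = serv */
        if (!per_iteration)
          count++;
      }
  return r;
}

/* Constructed input: 12 servers flagged SERV_LOOP, then 3 usable ones. */
struct fill_result demo(int per_iteration)
{
  unsigned flags[15] = { 0 };
  size_t i;
  for (i = 0; i < 12; i++)
    flags[i] = SERV_LOOP;
  return model_fill(flags, 15, per_iteration);
}

int main(void)
{
  struct fill_result a = demo(1), b = demo(0);
  printf("original max index %d, fixed max index %d, capacity %d\n",
         a.max_index, b.max_index, a.capacity);
  return 0;
}
```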



