Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Jul 2004 16:26:08 -0700 (PDT)
From:      "Ted Unangst" <tedu@coverity.com>
To:        hackers@freebsd.org
Cc:        rees@umich.edu
Subject:   out of bounds in rpcclnt
Message-ID:  <16734.66.93.171.98.1089761168.spork@webmail.coverity.com>

next in thread | raw e-mail | index | archive | help
the following code, around line 562 in sys/rpc/rpcclnt.c, exceeds the
bounds of the array.  each array is only four bytes, the [4] is too much.

	/* Initialize other non-zero congestion variables */
	rpc->rc_srtt[0] = rpc->rc_srtt[1] = rpc->rc_srtt[2] = rpc->rc_srtt[3] =
		rpc->rc_srtt[4] = (RPC_TIMEO << 3);
	rpc->rc_sdrtt[0] = rpc->rc_sdrtt[1] = rpc->rc_sdrtt[2] =
		rpc->rc_sdrtt[3] = rpc->rc_sdrtt[4] = 0;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16734.66.93.171.98.1089761168.spork>