Date: Tue, 13 Jul 2004 16:26:08 -0700 (PDT) From: "Ted Unangst" <tedu@coverity.com> To: hackers@freebsd.org Cc: rees@umich.edu Subject: out of bounds in rpcclnt Message-ID: <16734.66.93.171.98.1089761168.spork@webmail.coverity.com>
next in thread | raw e-mail | index | archive | help
the following code, around line 562 in sys/rpc/rpcclnt.c, exceeds the bounds of the array. each array is only four bytes, the [4] is too much. /* Initialize other non-zero congestion variables */ rpc->rc_srtt[0] = rpc->rc_srtt[1] = rpc->rc_srtt[2] = rpc->rc_srtt[3] = rpc->rc_srtt[4] = (RPC_TIMEO << 3); rpc->rc_sdrtt[0] = rpc->rc_sdrtt[1] = rpc->rc_sdrtt[2] = rpc->rc_sdrtt[3] = rpc->rc_sdrtt[4] = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16734.66.93.171.98.1089761168.spork>