From 9fb3aad7e886601e32aa922cf5be69c98c504662 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Tue, 2 Sep 2014 13:54:10 +0900
Subject: [PATCH 1006/1006] braid/init_braid: limit braid->braidlength correctly
gcc49 sanitizer detected errors like below:
../../hacks/braid.c:225:20: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:227:27: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:118:12: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:120:17: runtime error: index 50 out of bounds for type 'int [50]'
In init_braid(), currently at line 203 braid->braidlength can have the value
MAXLENGTH at the maximum, and at line 232 braid->braidlength may be incremented
by 1, so braid->braidlength can be MAXLENGTH + 1. So the part "braid->braidword[i]"
appearing in braid.c can do a one-byte-ahead access.
---
hacks/braid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hacks/braid.c b/hacks/braid.c
index c73b89d..d134e63 100644
--- a/hacks/braid.c
+++ b/hacks/braid.c
@@ -200,7 +200,7 @@ init_braid(ModeInfo * mi)
braid->nstrands = INTRAND(MINSTRANDS,
MAX(MIN(MIN(MAXSTRANDS, MI_COUNT(mi)),
(int) ((braid->max_radius - braid->min_radius) / 5.0)), MINSTRANDS));
- braid->braidlength = INTRAND(MINLENGTH, MIN(MAXLENGTH, braid->nstrands * 6));
+ braid->braidlength = INTRAND(MINLENGTH, MIN(MAXLENGTH -1, braid->nstrands * 6));
for (i = 0; i < braid->braidlength; i++) {
braid->braidword[i] =
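Review bot: the new upper bound `MAXLENGTH -1` should be spelled `MAXLENGTH - 1` to match the spacing of the rest of the expression. On the logic, capping the initial value at MAXLENGTH - 1 leaves room for exactly the one increment the commit message describes at line 232, so `braid->braidword[i]` with `i < braid->braidlength` stays inside `int [50]`; because the fix depends on that increment being the only place braidlength grows, a short comment at this line explaining why the cap is one below MAXLENGTH (or an assert that braidlength <= MAXLENGTH after the increment) would stop a later edit from silently reintroducing the off-by-one.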
--
1.9.3