Viewing all changes in revision 4634.106.1.
- Committer: John Arbash Meinel
- Date: 2009-12-14 15:52:24 UTC
- mto: (4634.107.1 2.0)
- mto: This revision was merged to the branch mainline in revision 4897.
- Revision ID: john@arbash-meinel.com-20091214155224-6av92htxukvp69jk
Fix a rare segmentation fault in the groupcompress code.
When finding the location to insert an entry in the hash map,
we start by going to the next hash bucket, and walking backwards
to find the last empty entry.
The last entry in the hash table intentionally points to just
after the actual entry table, so that we have an 'upper bound'.
However, if the last actual bucket was full, this could cause
us to check to see if the 'sentinal' value pointed to NULL,
which isn't valid. If the memory allocator did not allocate
extra bytes after then end of the entry table, this would
access invalid memory and segfault.
The fix is to change the if check to evaluate whether the current
pointer is in the current bucket before we check to see whether
it is empty. (Note that the double check *should* be redundant.)
When finding the location to insert an entry in the hash map,
we start by going to the next hash bucket, and walking backwards
to find the last empty entry.
The last entry in the hash table intentionally points to just
after the actual entry table, so that we have an 'upper bound'.
However, if the last actual bucket was full, this could cause
us to check to see if the 'sentinal' value pointed to NULL,
which isn't valid. If the memory allocator did not allocate
extra bytes after then end of the entry table, this would
access invalid memory and segfault.
The fix is to change the if check to evaluate whether the current
pointer is in the current bucket before we check to see whether
it is empty. (Note that the double check *should* be redundant.)
- files modified:
- NEWS
expand all
collapse all
added
removed
