out of bounds in rpcclnt
Ted Unangst
tedu at coverity.com
Tue Jul 13 16:26:10 PDT 2004
the following code, around line 562 in sys/rpc/rpcclnt.c, exceeds the
bounds of the array. each array is only four bytes, the [4] is too much.
/* Initialize other non-zero congestion variables */
rpc->rc_srtt[0] = rpc->rc_srtt[1] = rpc->rc_srtt[2] = rpc->rc_srtt[3] =
rpc->rc_srtt[4] = (RPC_TIMEO << 3);
rpc->rc_sdrtt[0] = rpc->rc_sdrtt[1] = rpc->rc_sdrtt[2] =
rpc->rc_sdrtt[3] = rpc->rc_sdrtt[4] = 0;
More information about the freebsd-hackers
mailing list