From c5074939f21be43eb408dbab5f6708dd74dba531 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Mon, 6 Dec 2010 13:42:13 +1030
Subject: [PATCH 1/1] idtree: fix overflow for v. large ids on allocation and removal

Chris Cowan tracked down a SEGV in sub_alloc: idp->level can actually be equal to 7 (MAX_LEVEL) there, as it can be in sub_remove.
---
 ccan/idtree/idtree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ccan/idtree/idtree.c b/ccan/idtree/idtree.c
index 5a26234e..b3b1d606 100644
--- a/ccan/idtree/idtree.c
+++ b/ccan/idtree/idtree.c
@@ -99,7 +99,7 @@ static int sub_alloc(struct idtree *idp, const void *ptr, int *starting_id)
 {
 int n, m, sh;
 struct idtree_layer *p, *pn;
- struct idtree_layer *pa[MAX_LEVEL];
+ struct idtree_layer *pa[MAX_LEVEL+1];
 unsigned int l, id, oid;
 uint32_t bm;

--
2.39.2
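Review bot: The new `pa[MAX_LEVEL+1]` declaration in sub_alloc carries no comment explaining the extra slot, so a later cleanup could shrink the array again and bring back the stack out-of-bounds write behind the reported SEGV. I would add `/* +1: the tree level can equal MAX_LEVEL, so pa[] needs MAX_LEVEL+1 slots */` above the declaration. A check that the level never exceeds MAX_LEVEL before pa[] is first indexed would turn any future mismatch into a clean failure; that indexing lies outside the hunk, so its placement needs confirming against the full function. The subject mentions removal as well, but the diffstat shows only this one line changed, so it is worth confirming that the array in sub_remove is already sized the same way.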