From: Igor Putovny <igor.putovny@nic.cz>
Date: Wed, 11 Jun 2025 10:00:23 +0000 (+0200)
Subject: Bugfix: buffer overflow in hash_test.c
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc2543a04f10ccc91dc6f27d157414acd80b3850;p=thirdparty%2Fbird.git

Bugfix: buffer overflow in hash_test.c

This bug manifested itself as segmentation fault of t_insert2_find test when
TEST_ORDER was increased from 13 to 14. When checking the validity of filled
table, the table is iterated from 0 to MAX_NUM. However, when order is an even
number, the size of the table is lower than MAX_NUM (due to table resizing),
which caused reading beyond the allocated memory.
---

diff --git a/lib/hash_test.c b/lib/hash_test.c
index 4bce70179..bf782c65d 100644
--- a/lib/hash_test.c
+++ b/lib/hash_test.c
@@ -37,10 +37,9 @@ struct test_node nodes[MAX_NUM];
 static void
 print_rate_of_fulfilment(void)
 {
-  int i;
   int num_stacked_items = 0;
 
-  for (i = 0; i < MAX_NUM; i++)
+  for (size_t i = 0; i < HASH_SIZE(hash); i++)
     if (!hash.data[i])
       num_stacked_items++;