From: Tom Hughes Date: Thu, 28 Oct 2004 08:09:53 +0000 (+0000) Subject: Fixed get_height to ensure that SK_MAXHEIGHT-1 is the maximum level we X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e02fd4f4de042eefdc35df64c18e0670e6a965c;p=thirdparty%2Fvalgrind.git Fixed get_height to ensure that SK_MAXHEIGHT-1 is the maximum level we will allocate for a skip list entry as many routines use arrays of size SK_MAXHEIGHT to hold a set of level pointers which means that a level of SK_MAXHEIGHT is not valid due to C arrays being zero based. This led to a number of subtle and hard to locate problems caused by stack based arrays being overflowed by one entry when a node was allocated with the maximum level. As each node only has a one in two million or so chance of getting a level of SK_MAXHEIGHT this didn't actually happen all that often. MERGED FROM HEAD git-svn-id: svn://svn.valgrind.org/valgrind/branches/VALGRIND_2_2_0_BRANCH@2863 --- diff --git a/coregrind/vg_skiplist.c b/coregrind/vg_skiplist.c index fac7b7c0af..d5894cab62 100644 --- a/coregrind/vg_skiplist.c +++ b/coregrind/vg_skiplist.c @@ -112,7 +112,7 @@ static inline Int get_height(void) { UInt ret = 0; - while((ret < SK_MAXHEIGHT) && (random() & 1)) + while((ret < SK_MAXHEIGHT - 1) && (random() & 1)) ret++; return ret;