#13927: gpgme KDL's when test are enabled
--------------------------------------+----------------------------
Reporter: Begasus | Owner: axeld
Type: bug | Status: new
Priority: normal | Milestone: Unscheduled
Component: Network & Internet/TCP | Version: R1/Development
Resolution: | Keywords:
Blocked By: | Blocking:
Has a Patch: 0 | Platform: All
--------------------------------------+----------------------------
Comment (by ambroff):
I have added a new test suite for BOpenHashTable<T> in
[https://github.com/ambroff/haiku/commits/tcp-kdl-fix a branch]. I've made
two conclusions so far. I found an additional memory-corruption bug while
doing so.

BOpenHashTable has an AutoExpand non-type template parameter. If set to
false, which is not the default, then upon insertion it will:

1. Check to see if the current buffer size is > 0. If not, it will resize
the buffer to the minimum size, which is 8 elements. If the user calls
Init(size_t) before inserting they can set this size to a greater value.
2. If AutoExpand is true, then the buffer will be resized if more room is
needed to handle the insertion. When resized to add more capacity, the
size is doubled.
3. Insert with no bounds check.

So currently if someone uses BOpenHashTable<T, false>, and then inserts
more than the fixed number of elements defined (either by the default or
call to Init(size_t)), then it will write beyond the bounds of the fTable
array, smashing some random memory.

BOpenHashTable<T, false> is used in quite a few places, including the
ipv4, ipv6, udp and unix add-ons, IOSchedulerSimple and HashedObjectCache.
Even if those aren't broken because of this they easily could be.
--
Ticket URL: <https://dev.haiku-os.org/ticket/13927#comment:10>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
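
The three insertion steps described in the comment above, as an added example that is not part of the ticket and is not Haiku's BOpenHashTable code: a simplified model in which step 3 refuses the insert once a fixed-size table is full instead of writing past the buffer. ModelTable, CountAccepted and the linear-probing slot layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <vector>
// Simplified model, NOT Haiku's BOpenHashTable: linear probing over
// non-negative ints, following the three insertion steps described above.
template<bool AutoExpand = true>
class ModelTable {
public:
	enum { kMinimumSize = 8, kEmpty = -1 };	// 8 is the minimum size cited above
	void Init(size_t size) { fSlots.assign(size, int(kEmpty)); fCount = 0; }

	bool Insert(int value)
	{
		if (fSlots.empty())
			Init(kMinimumSize);			// step 1: start at the minimum size
		if (AutoExpand && fCount == fSlots.size())
			_Resize(fSlots.size() * 2);	// step 2: double when more room is needed
		if (fCount == fSlots.size())
			return false;				// step 3, hardened: refuse when full
		_Place(value);
		fCount++;
		return true;
	}

private:
	void _Place(int value)
	{
		size_t i = size_t(value) % fSlots.size();
		while (fSlots[i] != kEmpty)		// terminates: Insert guarantees a free slot
			i = (i + 1) % fSlots.size();
		fSlots[i] = value;
	}
	void _Resize(size_t newSize)
	{
		std::vector<int> old(newSize, int(kEmpty));
		old.swap(fSlots);				// fSlots is now the larger, empty buffer
		for (size_t i = 0; i < old.size(); i++)
			_Place(old[i]);				// every old slot is occupied when growing
	}
	std::vector<int> fSlots;
	size_t fCount = 0;
};

// Attempts to insert 0..attempts-1 and returns how many the table accepted.
template<bool AutoExpand>
size_t CountAccepted(size_t attempts, size_t initSize = 0)
{
	ModelTable<AutoExpand> table;
	if (initSize > 0)
		table.Init(initSize);
	size_t accepted = 0;
	for (size_t i = 0; i < attempts; i++)
		accepted += table.Insert(int(i));
	return accepted;
}
```

With AutoExpand set to false the ninth insert into a default-sized table is rejected, so a caller has to handle the failure rather than rely on the table growing.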