OpenSolaris

Bug ID: 6796574
Synopsis: Array overrun in ibtl
State: 10-Fix Delivered (Fix available in build)
Category:Subcategory: ib_sw:ibtl
Keywords: parfait
Responsible Engineer: Bill Taylor
Reported Against:
Duplicate Of:
Introduced In: solaris_10
Commit to Fix: snv_108
Fixed In: snv_108
Release Fixed: solaris_nevada(snv_108), solaris_10u8(s10u8_02) (Bug ID:2174579)
Related Bugs: 4881822
Submit Date: 22-January-2009
Last Update Date: 11-February-2009
Description
usr/src/uts/common/io/ib/ibtl/ibtl_util.c

0136:	/* First, leap through the table by 4 entries at a time */
0137:	for (i = 0; ibtl_ib2usec_tbl[i + 4] < time_val; i += 4)
0138:		if (i == 60)	/* Don't go beyond the end of table */
0139:			break;

When i reaches 60, the loop condition reads ibtl_ib2usec_tbl[64] before the check at line 138 breaks out of the loop. Instead, i < 60 should be included in the loop termination condition.

This bug was found using the Parfait source code analysis tool. 
See http://research.sun.com/projects/parfait
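
The overrun and the suggested loop condition, as an added example (not code from ibtl_util.c and not the delivered fix). It assumes a 64-entry table with constructed ascending values; tbl_read(), scan_original() and scan_fixed() are hypothetical helpers that record the highest index each loop reads instead of touching memory past the end.

```c
#include <stdint.h>
#include <stdio.h>

#define TBL_ENTRIES 64	/* assumption: valid indexes are 0..63 */

static int max_read;	/* highest index read during one scan */

/* Constructed stand-in for ibtl_ib2usec_tbl[]: entry n holds 2^n (ascending). */
static uint64_t tbl_read(int idx)
{
	if (idx > max_read)
		max_read = idx;
	if (idx >= TBL_ENTRIES)	/* past the end: record it, touch no memory */
		return 0;
	return (uint64_t)1 << idx;
}

/* Loop as quoted in the report; returns the highest index it read. */
int scan_original(uint64_t time_val, int *out_i)
{
	int i;
	max_read = -1;
	for (i = 0; tbl_read(i + 4) < time_val; i += 4)
		if (i == 60)	/* checked only after [i + 4] was read */
			break;
	*out_i = i;
	return max_read;
}

/* Same leap with i < 60 tested before the table is indexed. */
int scan_fixed(uint64_t time_val, int *out_i)
{
	int i;
	max_read = -1;
	for (i = 0; i < 60 && tbl_read(i + 4) < time_val; i += 4)
		;
	*out_i = i;
	return max_read;
}

int main(void)
{
	int i, hi;
	hi = scan_original(UINT64_MAX, &i);
	printf("original: i=%d highest index read=%d\n", i, hi);
	hi = scan_fixed(UINT64_MAX, &i);
	printf("fixed:    i=%d highest index read=%d\n", i, hi);
	return 0;
}
```

Both loops leave i at the same value for every input; they differ only in whether index 64 is read when time_val exceeds entry 60.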
Work Around
N/A
Comments
N/A