From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <77e5af21864417917c398575fb84095d@rei2.9hal> Date: Wed, 22 Aug 2012 12:32:42 +0200 From: cinap_lenrek@gmx.de To: 9fans@9fans.net In-Reply-To: <7923a269495e9abf153363f63d452d3c@ladd.quanstro.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] dns Topicbox-Message-UUID: ad9898f0-ead7-11e9-9d60-3106f5b1d025 wait, Maxdest is a count, see: dest = emalloc(Maxdest * sizeof *dest); /* dest can't be on stack */ code like: Dest *curdest; /* pointer to next to fill */ p = dp->dest; ... if (qp->ndest > qp->curdest - p) { and for(p = qp->dest; p < qp->curdest; p++) indicates that dp->curdest is an end pointer. so it should be perfectly valid for it to point at &dp->dest[Maxdest]. the check at the top of serveraddrs() should really be: if(nd >= Maxdest) /* dest array is full? */ return Maxdest; serveraddr() really returns a count. which is the same as an end pointer index. the result check of that serveraddr() call should really be: if (j < 0 || j > Maxdest) { dnslog("serveraddrs() result %d out of range", j); abort(); } qp->curdest = &qp->dest[j]; and the destck(dp->curdest); should be removed. --- a/sys/src/cmd/ndb/dnresolve.c Wed Aug 22 00:11:42 2012 +0200 +++ b/sys/src/cmd/ndb/dnresolve.c Wed Aug 22 12:28:34 2012 +0200 @@ -832,7 +832,7 @@ Dest *cur; if(nd >= Maxdest) /* dest array is full? */ - return Maxdest - 1; + return Maxdest; /* * look for a server whose address we already know. @@ -1080,13 +1080,12 @@ */ if (qp->ndest > qp->curdest - p) { j = serveraddrs(qp, qp->curdest - p, depth); - if (j < 0 || j >= Maxdest) { + if (j < 0 || j > Maxdest) { dnslog("serveraddrs() result %d out of range", j); abort(); } qp->curdest = &qp->dest[j]; } - destck(qp->curdest); /* no servers, punt */ if (qp->ndest == 0) -- cinap
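Review bot: In the first hunk (@@ -832,7 +832,7 @@) the new `return Maxdest;` is only correct if every caller treats the result as a count rather than as an index of the last slot, and nothing in the hunk says so. The adjacent comment still reads only `/* dest array is full? */`. Suggest adding a short comment on serveraddrs() stating that it returns the number of filled entries, in the range 0..Maxdest inclusive, so a later reader does not "fix" this back to Maxdest - 1.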
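Review bot: In the second hunk (@@ -1080,13 +1080,12 @@) dropping `destck(qp->curdest);` leaves qp->curdest unchecked on the path where `if (qp->ndest > qp->curdest - p)` is false, because the new `j < 0 || j > Maxdest` test only runs inside that branch. If destck() is being removed because it rejects the one-past-the-end position, consider replacing it with a check that accepts the range qp->dest through &qp->dest[Maxdest] inclusive instead of removing validation outright, and note in a comment that `&qp->dest[j]` with j == Maxdest is an end pointer that must never be dereferenced.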
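The end-pointer convention argued for in the message above, as an added C example that is not part of the original post or of the Plan 9 source. MAXDEST, Query, fill, set_end, walk and demo are hypothetical names and the capacity of 4 is constructed; the example shows that a count equal to the capacity is a valid end position and that walking the half-open range never touches the slot past the end.

```c
enum { MAXDEST = 4 };               /* assumed capacity: a count, not an index */

typedef struct { int addr; } Dest;  /* stand-in for the real Dest */

typedef struct {
    Dest dest[MAXDEST];
    Dest *curdest;                  /* end pointer: one past the last filled slot */
} Query;

/* Append up to n entries starting at count nd; returns the new count, 0..MAXDEST. */
static int fill(Query *q, int nd, int n)
{
    if (nd >= MAXDEST)              /* array is already full */
        return MAXDEST;
    for (; n > 0 && nd < MAXDEST; n--, nd++)
        q->dest[nd].addr = 100 + nd;
    return nd;
}

/* Validate a count and turn it into an end pointer; -1 if out of range. */
static int set_end(Query *q, int j)
{
    if (j < 0 || j > MAXDEST)       /* j == MAXDEST is a valid end position */
        return -1;
    q->curdest = &q->dest[j];       /* may be formed, must not be dereferenced */
    return 0;
}

/* Walk the half-open range [dest, curdest); returns the number of entries seen. */
static int walk(const Query *q)
{
    const Dest *p;
    int n = 0;

    for (p = q->dest; p < q->curdest; p++)
        if (p->addr >= 100)         /* reads filled slots only */
            n++;
    return n;
}

/* Fill n entries into an empty query; entries visited, or -1 if rejected. */
static int demo(int n)
{
    Query q;

    if (set_end(&q, fill(&q, 0, n)) < 0)
        return -1;
    return walk(&q);
}

int main(void) { return demo(MAXDEST) == MAXDEST ? 0 : 1; }
```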