Greetings,
I think I hit upon the perfect circumstance to bust the hash table in
GetVariable (vars.c). I believe that the hash table is not going far enough
before reseting the increment as I end up in an infinite loop. See the comments
"//" below:
Debug("GetVariable(%s,%s): using scope '%s' for variable
'%s'\n",scopeid,vlval,ptr->scope,vlval);
if (CompareVariable(vlval,ptr->hashtable[slot]) != 0)
{
/* Recover from previous hash collision */
while (true)
{
i++;
if (i >= CF_HASHTABLESIZE-1)
// I think this should be (i >= CF_HASHTABLESIZE). The testcase I have seems to
have a value in the last slot of
// the hash table, which makes the loop never end.
//
//i:4965 slot:4968
//i:4966 slot:4968
//i:4967 slot:4968
//i:4968 slot:4968
//i:1 slot:4968
//i:2 slot:4968
//...
//i:4967 slot:4968
//i:4968 slot:4968
//i:1 slot:4968
//i:2 slot:4968
//...
// rinse, lather, repeat
{
i = 0;
}
if (CompareVariable(vlval,ptr->hashtable[i]) == 0)
{
found = true;
break;
}
/* Removed autolookup in Unix environment variables -
implement as getenv() fn instead */
if (i == slot)
{
found = false;
break;
}
}
if (!found)
{
Debug("No such variable found %s.%s\n",scope,lval);
*returnv = lval;
*rtype = CF_SCALAR;
return cf_notype;
}
}
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
