ceph-dencoder: select_generated() should properly validate its input

If m_list.size() == 0, then calling select_generated(0) will result in
uninitialized data being assigned to m_object, which will cause a segfault
down the road. This patch fixes that.

To Reproduce:
$ ceph-dencoder type MWatchNotify select_test 0 encode decode
Segmentation fault (core dumped)

After the patch:
$ ./ceph-dencoder type MWatchNotify select_test 0 encode decode
error: invalid id for generated object
$ echo $?
1

Fixes: #6510
Signed-off-by: Alan Somers <asomers@gmail.com>

diff --git a/src/test/encoding/ceph_dencoder.cc b/src/test/encoding/ceph_dencoder.cc
index 81abcd1de9e3b9d151e06feb6a1f429799050457..dbed6f524d804bc1341bfa10ce307581db93c2ee 100644 (file)
--- a/src/test/encoding/ceph_dencoder.cc
+++ b/src/test/encoding/ceph_dencoder.cc
@@ -93,7 +93,7 @@ public:
     // allow 0- or 1-based (by wrapping)
     if (i == 0)
       i = m_list.size();
-    if (i > m_list.size())
+    if ((i == 0) || (i > m_list.size()))
       return "invalid id for generated object";
     typename list<T*>::iterator p = m_list.begin();
     for (i--; i > 0 && p != m_list.end(); ++p, --i) ;
@@ -177,7 +177,7 @@ public:
     // allow 0- or 1-based (by wrapping)
     if (i == 0)
       i = m_list.size();
-    if (i > m_list.size())
+    if ((i == 0) || (i > m_list.size()))
       return "invalid id for generated object";
     typename list<T*>::iterator p = m_list.begin();
     for (i--; i > 0 && p != m_list.end(); ++p, --i) ;