From 26228ed701870a3625a41f798359d4e550b248b8 Mon Sep 17 00:00:00 2001
From: Alan Somers
Date: Tue, 15 Oct 2013 13:06:06 -0700
Subject: [PATCH] ceph-dencoder: select_generated() should properly validate its input
If m_list.size() == 0, then calling select_generated(0) will result in uninitialized data being assigned to m_object, which will cause a segfault down the road. This patch fixes that.
To Reproduce:
$ ceph-dencoder type MWatchNotify select_test 0 encode decode
Segmentation fault (core dumped)
After the patch:
$ ./ceph-dencoder type MWatchNotify select_test 0 encode decode
error: invalid id for generated object
$ echo $?
1
Fixes: #6510
Signed-off-by: Alan Somers
---
 src/test/encoding/ceph_dencoder.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/test/encoding/ceph_dencoder.cc b/src/test/encoding/ceph_dencoder.cc
index 81abcd1de9e3b..dbed6f524d804 100644
--- a/src/test/encoding/ceph_dencoder.cc
+++ b/src/test/encoding/ceph_dencoder.cc
@@ -93,7 +93,7 @@ public:
 // allow 0- or 1-based (by wrapping)
 if (i == 0)
 i = m_list.size();
- if (i > m_list.size())
+ if ((i == 0) || (i > m_list.size()))
 return "invalid id for generated object";
 typename list::iterator p = m_list.begin();
 for (i--; i > 0 && p != m_list.end(); ++p, --i) ;
@@ -177,7 +177,7 @@ public:
 // allow 0- or 1-based (by wrapping)
 if (i == 0)
 i = m_list.size();
- if (i > m_list.size())
+ if ((i == 0) || (i > m_list.size()))
 return "invalid id for generated object";
 typename list::iterator p = m_list.begin();
 for (i--; i > 0 && p != m_list.end(); ++p, --i) ;
-- 
2.39.5
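Review bot: The added `(i == 0)` test, in both the hunk at line 93 and the one at line 177, can only be true when `m_list` is empty, because the wrap just above it has already replaced a zero index with `m_list.size()`; the guard reads as a second zero check rather than as an empty-list check. Writing it as `if (m_list.empty() || i > m_list.size())`, or adding `// i is still 0 here only when m_list is empty`, would state the intent and protect the bounds check from being "simplified" away later. The validation is duplicated verbatim in the two places, so a small shared helper would keep the copies from drifting apart. The enclosing function starts and ends outside each hunk, so whether `p` is compared with `m_list.end()` before it is dereferenced after the loop cannot be confirmed from here. The patch also adds no regression test for the reproducer given in the commit message.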