From 9772fc4e22c647914444b78e773fa406364ce517 Mon Sep 17 00:00:00 2001
From: "Anthony J. Thibault"
Date: Thu, 28 Jun 2018 14:04:59 -0700
Subject: [PATCH 1/2] Guard against memory corruption in Space::processResets() Check the proxyID before reading from the _proxies vector and writing into the _owners vector.
---
 libraries/workload/src/workload/Space.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libraries/workload/src/workload/Space.cpp b/libraries/workload/src/workload/Space.cpp
index 27a8639f3a..10e61c5661 100644
--- a/libraries/workload/src/workload/Space.cpp
+++ b/libraries/workload/src/workload/Space.cpp
@@ -44,6 +44,11 @@ void Space::processResets(const Transaction::Resets& transactions) {
 for (auto& reset : transactions) {
 // Access the true item
 auto proxyID = std::get<0>(reset);
+
+ // Guard against proxyID being past the end of the list.
+ if (proxyID >= _proxies.size() || proxyID >= _owners.size()) {
+ continue;
+ }
 auto& item = _proxies[proxyID];

 // Reset the item with a new payload
From 17f9a01fa20486eef87ee8c3c91eb8a4465f26e0 Mon Sep 17 00:00:00 2001
From: "Anthony J. Thibault"
Date: Thu, 28 Jun 2018 15:29:01 -0700
Subject: [PATCH 2/2] Fix signed unsigned compare warning
---
 libraries/workload/src/workload/Space.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/workload/src/workload/Space.cpp b/libraries/workload/src/workload/Space.cpp
index 10e61c5661..54fad79741 100644
--- a/libraries/workload/src/workload/Space.cpp
+++ b/libraries/workload/src/workload/Space.cpp
@@ -46,7 +46,7 @@ void Space::processResets(const Transaction::Resets& transactions) {
 auto proxyID = std::get<0>(reset);

 // Guard against proxyID being past the end of the list.
- if (proxyID >= _proxies.size() || proxyID >= _owners.size()) {
+ if (proxyID < 0 || proxyID >= (int32_t)_proxies.size() || proxyID >= (int32_t)_owners.size()) {
 continue;
 }
 auto& item = _proxies[proxyID];
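Review bot: In PATCH 1/2 the new guard in `Space::processResets()` drops an out-of-range `proxyID` with a bare `continue`, so the condition that used to corrupt `_proxies`/`_owners` now vanishes without any trace. An ID outside both vectors presumably means the transaction disagrees with the state it is applied to, and that root cause stays hidden unless the skip is reported; a warning through the project's existing logging facility (or a debug-only assertion) placed just before the `continue` would surface it, together with a comment such as `// Out-of-range ID: the reset is discarded, report it so the producer of the transaction can be fixed.` The loop body continues outside the hunk, so whether the payload is needed later is not visible here. Whether the other transaction handlers in this file index the same vectors by ID without a check cannot be seen from this patch and is worth confirming.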
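Review bot: In PATCH 2/2 the rewritten condition silences the warning by narrowing `_proxies.size()` and `_owners.size()` to `int32_t` with C-style casts, which is a lossy conversion inside a bounds check; a size above INT32_MAX would turn negative and every non-negative ID would then be skipped. Once `proxyID < 0` has been ruled out it is safer to widen the ID instead: `if (proxyID < 0 || static_cast<size_t>(proxyID) >= _proxies.size() || static_cast<size_t>(proxyID) >= _owners.size()) {`. The comment above the guard still only says "past the end of the list" and could mention negative IDs as well. That `proxyID` is a signed 32-bit value is inferred from the cast; its declaration lies outside the hunk.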