Undefined Behavior case in SetPermissionInternal function.

+1 vote

Hi all,

I have a question about the code written in the 'mc_Permissions::SetPermissionInternal' function of the 'src/permissions/permission.cpp' file.

The following code snippet shows the undefined behavior case which I would like to understand.

With such a UB case the code seems to work somehow on a 64-bit machine.

...

    uint32_t types[9];
    uint32_t pr_entity,pr_address,pr_admin;

    num_types=0;  // num_types is 0
    types[num_types]=MC_PTP_CONNECT;num_types++; // num_types is 1
    types[num_types]=MC_PTP_SEND;num_types++; // num_types is 2
    types[num_types]=MC_PTP_RECEIVE;num_types++; // num_types is 3
    if(mc_gState->m_Features->Streams())
    {
        types[num_types]=MC_PTP_WRITE;num_types++; // num_types is 4
        types[num_types]=MC_PTP_CREATE;num_types++; // num_types is 5
    }
    types[num_types]=MC_PTP_ISSUE;num_types++; // num_types is 6
    types[num_types]=MC_PTP_MINE;num_types++; // num_types is 7
    types[num_types]=MC_PTP_ACTIVATE;num_types++; // num_types is 8
    types[num_types]=MC_PTP_ADMIN;num_types++; // num_types is 9
    if(mc_gState->m_Features->Upgrades())
    {
        types[num_types]=MC_PTP_UPGRADE;num_types++; // num_types is 10
    }
    err=MC_ERR_NOERROR;
    for(i=0;i<num_types;i++) // As num_types is equal to 10 the last value of the variable 'i' is 9.
    {
        if(types[i] & type)   // at this point when 'i' has value 9 the code tries to get types[9] which is Undefined Behavior.

...

 

I would really appreciate a detailed explanation of this piece if my understanding is wrong and the code above is not just a bug.

 

Thanks,

Arsen

asked Nov 16, 2017 by Arsen

1 Answer

0 votes

Yes, it's a bug – thank you. It just happens to be a safe bug because most compilers allocate stack variables in big enough chunks that the types array acted as if it was larger. We'll fix it of course.

answered Nov 16, 2017 by MultiChain
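
The pattern discussed in this thread, as an added example that is not part of the original posts or of MultiChain's code: the same conditional fill, but through a fixed-capacity list whose push refuses to write past the end, so the worst case (both features enabled, 10 entries) can be checked against capacities 9 and 10 without triggering undefined behavior. The `PTP_*` flag values, `TypeList`, `build_types`, `fits_in_9` and `count_in_10` are hypothetical names and constructed values, and the two booleans stand in for the `Streams()` and `Upgrades()` checks.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed placeholder flags; NOT MultiChain's real MC_PTP_* values.
enum : uint32_t {
    PTP_CONNECT = 1u << 0, PTP_SEND = 1u << 1, PTP_RECEIVE = 1u << 2,
    PTP_WRITE = 1u << 3, PTP_CREATE = 1u << 4, PTP_ISSUE = 1u << 5,
    PTP_MINE = 1u << 6, PTP_ACTIVATE = 1u << 7, PTP_ADMIN = 1u << 8,
    PTP_UPGRADE = 1u << 9
};

// Hypothetical fixed-capacity list: push() never writes past the end.
template <std::size_t N>
struct TypeList {
    std::array<uint32_t, N> items{};
    std::size_t count = 0;
    bool overflowed = false;
    void push(uint32_t t) {
        if (count < N) items[count++] = t;
        else overflowed = true;  // the unchecked snippet would write types[N] here
    }
};

// Same fill order as the snippet; the two flags stand in for the
// Streams() and Upgrades() feature checks.
template <std::size_t N>
TypeList<N> build_types(bool streams, bool upgrades) {
    TypeList<N> l;
    l.push(PTP_CONNECT); l.push(PTP_SEND); l.push(PTP_RECEIVE);
    if (streams) { l.push(PTP_WRITE); l.push(PTP_CREATE); }
    l.push(PTP_ISSUE); l.push(PTP_MINE); l.push(PTP_ACTIVATE); l.push(PTP_ADMIN);
    if (upgrades) l.push(PTP_UPGRADE);
    return l;
}

bool fits_in_9(bool s, bool u) { return !build_types<9>(s, u).overflowed; }
std::size_t count_in_10(bool s, bool u) { return build_types<10>(s, u).count; }

int main() {
    std::printf("capacity 9, both features: %s\n", fits_in_9(true, true) ? "fits" : "overflow");
    std::printf("capacity 10, both features: %zu entries\n", count_in_10(true, true));
    return 0;
}
```

Building the snippet itself with `-fsanitize=address,undefined` on GCC or Clang reports the out-of-bounds stack access at run time instead of letting it pass silently.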
...