Off-by-one error in pool consistency check

I'm getting a segmentation fault on this line because pool->objects can be NULL. I suspect this > should be >=, though I'm not quite sure. Signed-off-by: Eric Mertens <emertens@gmail.com>
latchset · Jul 22, 2024 · fe03d43 · fe03d43
1 parent b0e23ce
commit fe03d43
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/objects.c b/src/objects.c
@@ -234,7 +234,7 @@ static void obj_rm_from_pool(P11PROV_OBJ *obj)
     }
 
     /* LOCKED SECTION ------------- */
-    if (obj->poolid > pool->size || pool->objects[obj->poolid] != obj) {
+    if (obj->poolid >= pool->size || pool->objects[obj->poolid] != obj) {
         ret = CKR_GENERAL_ERROR;
         P11PROV_raise(pool->provctx, ret, "Objects pool in inconsistent state");
         goto done;