From 1a8f1a72d72f90ecf864e565e7a3363b6b83d37e Mon Sep 17 00:00:00 2001
From: Roland Mainz
Date: Tue, 5 Nov 2024 15:45:59 +0100
Subject: [PATCH] daemon: Fix DrMemory hit in |bitmap_intersect()|
Fix DrMemory hit in |bitmap_intersect()|, which happened because arr mask data were accessed beyond the maximum index specified by |bitmap4.count|. Example: ---- snip ---- Error #1: UNINITIALIZED READ: reading 4 byte(s) 0 bitmap_intersect [ms-nfs41-client\daemon\util.h:123] 1 nfs41_superblock_supported_attrs [ms-nfs41-client\daemon\nfs41.h:491] 2 nfs41_open [ms-nfs41-client\daemon\nfs41_ops.c:535] 3 do_open [ms-nfs41-client\daemon\open.c:311] 4 open_or_delegate [ms-nfs41-client\daemon\open.c:352] 5 handle_open [ms-nfs41-client\daemon\open.c:972] 6 upcall_handle [ms-nfs41-client\daemon\upcall.c:220] 7 nfsd_worker_thread_main [ms-nfs41-client\daemon\nfs41_daemon.c:201] 8 nfsd_thread_main [ms-nfs41-client\daemon\nfs41_daemon.c:239] 9 KERNEL32.dll!BaseThreadInitThunk +0x13 (0x00007ffbfeca7374 ) ---- snip ----
Signed-off-by: Cedric Blancher
Signed-off-by: Tigran Mkrtchyan
---
 daemon/util.h | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/daemon/util.h b/daemon/util.h
index cbc82cc..a20125e 100644
--- a/daemon/util.h
+++ b/daemon/util.h
@@ -117,13 +117,13 @@ static __inline void bitmap_unset(
 static __inline void bitmap_intersect(
 IN bitmap4 *dst,
 IN const bitmap4 *src)
-{
- uint32_t i, count = 0;
- for (i = 0; i < 3; i++) {
- dst->arr[i] &= src->arr[i];
- if (dst->arr[i])
- count = i+1;
- }
+{
+ uint32_t i, count = 0;
+ for (i = 0; i < 3; i++) {
+ dst->arr[i] = ((i < dst->count)?dst->arr[i]:0) & ((i < src->count)?src->arr[i]:0);
+ if (dst->arr[i])
+ count = i+1;
+ }
 dst->count = min(dst->count, count);
 }
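Review bot: The rewritten assignment in the loop of bitmap_intersect() depends on the rule that `arr[i]` is only meaningful for `i < count`, but nothing in the function states it and the one-line double ternary makes the guard easy to drop in a later edit; a comment such as `/* words at index >= count are undefined; treat them as 0 */` above the loop, with the operands pulled into locals (`const uint32_t d = (i < dst->count) ? dst->arr[i] : 0;` and the same for `src`), would keep the intent visible. The loop bound is still the bare literal `3`, which presumably matches the size of `bitmap4.arr` (the struct is not visible here), so a named constant shared with the struct definition would keep the bound and the array in step. `dst` is annotated `IN` although it is written on every iteration and its `count` is updated, so `IN OUT` would describe it correctly. The other bitmap helpers in util.h (bitmap_unset appears in the hunk header) lie outside this hunk and may deserve the same check for reads past `count`.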