touch, rm, cpsi, init: Fix initialization of para_buffer.

Three years ago, in commit 68cb0aef (Introduce
afs_max_size_handler_data and afs_max_size_handler()) the afs callbacks
were converted to pass a pointer to an afs_max_size_handler_data
structure to the dispatcher. This structure is defined as

	struct afs_max_size_handler_data {
		int fd;
		uint8_t band;
	};

However, we missed to convert the callbacks of the three commands
mentioned in the subject. All these commands except init pass
a pointer to an int as they did before commit 68cb0aef. Since
afs_max_size_handler_data stores one additional byte (the band
designator) after the file descriptor, the dispatcher will read one
byte past the allocated space.

This bug is benign because the max size handler is usually not called
for the affected commands, since they never have more than SHMMAX
bytes of output. For com_init() we even set the private_data pointer
to NULL, so the max size handler will never be called.

Let's fix it anyway.

diff --git a/afs.c b/afs.c
index e73c668fb6d93b3a200eb841e4d4c34ce4b48e59..b74cb45c715adc34a1be87c32b2a251fc5dfdd86 100644 (file)
--- a/afs.c
+++ b/afs.c
@@ -1011,7 +1011,13 @@ static void create_tables_callback(int fd, const struct osl_object *query)
 {
        uint32_t table_mask = *(uint32_t *)query->data;
        int i, ret;
-       struct para_buffer pb = {.buf = NULL};
+       struct para_buffer pb = {
+               .max_size = shm_get_shmmax(),
+               .private_data = &(struct afs_max_size_handler_data) {
+                       .fd = fd,
+                       .band = SBD_OUTPUT
+               }
+       };
 
        close_afs_tables();
        for (i = 0; i < NUM_AFS_TABLES; i++) {

diff --git a/aft.c b/aft.c
index ddb2244a550fa7ea1f1c5ddf327efe4fd3c58c05..826fc28bb84c0f839958dbf3f2f5936728f03f6f 100644 (file)
--- a/aft.c
+++ b/aft.c
@@ -2110,7 +2110,10 @@ static void com_touch_callback(int fd, const struct osl_object *query)
        struct touch_action_data tad = {.cto = query->data,
                .pb = {
                        .max_size = shm_get_shmmax(),
-                       .private_data = &fd,
+                       .private_data = &(struct afs_max_size_handler_data) {
+                               .fd = fd,
+                               .band = SBD_OUTPUT
+                       },
                        .max_size_handler = afs_max_size_handler
                }
        };
@@ -2251,7 +2254,10 @@ static void com_rm_callback(int fd, const struct osl_object *query)
        struct com_rm_action_data crd = {.flags = *(uint32_t *)query->data,
                .pb = {
                        .max_size = shm_get_shmmax(),
-                       .private_data = &fd,
+                       .private_data = &(struct afs_max_size_handler_data) {
+                               .fd = fd,
+                               .band = SBD_OUTPUT
+                       },
                        .max_size_handler = afs_max_size_handler
                }
        };
@@ -2393,7 +2399,10 @@ static void com_cpsi_callback(int fd, const struct osl_object *query)
                .flags = *(unsigned *)query->data,
                .pb = {
                        .max_size = shm_get_shmmax(),
-                       .private_data = &fd,
+                       .private_data = &(struct afs_max_size_handler_data) {
+                               .fd = fd,
+                               .band = SBD_OUTPUT
+                       },
                        .max_size_handler = afs_max_size_handler
                }
        };