From: Andre Noll
Date: Tue, 7 Apr 2015 23:56:11 +0000 (+0000)
Subject: touch, rm, cpsi, init: Fix initialization of para_buffer.
X-Git-Tag: v0.5.5~42
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=0e75bc32026c5c43fa36e93e82d8b34f89342170

touch, rm, cpsi, init: Fix initialization of para_buffer.

Three years ago, in commit 68cb0aef (Introduce afs_max_size_handler_data and afs_max_size_handler()) the afs callbacks were converted to pass a pointer to an afs_max_size_handler_data structure to the dispatcher. This structure is defined as

	struct afs_max_size_handler_data {
		int fd;
		uint8_t band;
	};

However, we missed converting the callbacks of the three commands mentioned in the subject. All these commands except init pass a pointer to an int as they did before commit 68cb0aef. Since afs_max_size_handler_data stores one additional byte (the band designator) after the file descriptor, the dispatcher will read one byte past the allocated space.

This bug is benign because the max size handler is usually not called for the affected commands, since they never have more than SHMMAX bytes of output. For com_init() we even set the private_data pointer to NULL, so the max size handler will never be called.

Let's fix it anyway.
---
diff --git a/afs.c b/afs.c index e73c668f..b74cb45c 100644 --- a/afs.c +++ b/afs.c @@ -1011,7 +1011,13 @@ static void create_tables_callback(int fd, const struct osl_object *query) { uint32_t table_mask = *(uint32_t *)query->data; int i, ret; - struct para_buffer pb = {.buf = NULL}; + struct para_buffer pb = { + .max_size = shm_get_shmmax(), + .private_data = &(struct afs_max_size_handler_data) { + .fd = fd, + .band = SBD_OUTPUT + } + }; close_afs_tables(); for (i = 0; i < NUM_AFS_TABLES; i++) { diff --git a/aft.c b/aft.c index ddb2244a..826fc28b 100644 --- a/aft.c +++ b/aft.c 
@@ -2110,7 +2110,10 @@ static void com_touch_callback(int fd, const struct osl_object *query) struct touch_action_data tad = {.cto = query->data, .pb = { .max_size = shm_get_shmmax(), - .private_data = &fd, + .private_data = &(struct afs_max_size_handler_data) { + .fd = fd, + .band = SBD_OUTPUT + }, .max_size_handler = afs_max_size_handler } }; @@ -2251,7 +2254,10 @@ static void com_rm_callback(int fd, const struct osl_object *query) struct com_rm_action_data crd = {.flags = *(uint32_t *)query->data, .pb = { .max_size = shm_get_shmmax(), - .private_data = &fd, + .private_data = &(struct afs_max_size_handler_data) { + .fd = fd, + .band = SBD_OUTPUT + }, .max_size_handler = afs_max_size_handler } }; @@ -2393,7 +2399,10 @@ static void com_cpsi_callback(int fd, const struct osl_object *query) .flags = *(unsigned *)query->data, .pb = { .max_size = shm_get_shmmax(), - .private_data = &fd, + .private_data = &(struct afs_max_size_handler_data) { + .fd = fd, + .band = SBD_OUTPUT + }, .max_size_handler = afs_max_size_handler } };
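
Review bot: In the afs.c hunk, the new initializer of pb in create_tables_callback() sets .max_size and .private_data but, unlike the three aft.c callbacks, no .max_size_handler, so the handler pointer stays NULL and the afs_max_size_handler_data literal is never passed to anything. Either add `.max_size_handler = afs_max_size_handler` to match the other call sites, or keep the zero initializer and say in a comment that init output is never expected to reach the limit; with .max_size set and no handler, what happens when the limit is hit depends on code outside this hunk.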
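
Review bot: The identical four-line compound literal is now open-coded in com_touch_callback(), com_rm_callback() and com_cpsi_callback() in aft.c (and once more in create_tables_callback() in afs.c), and .private_data took `&fd` before and takes the struct pointer now, so nothing at these call sites ties the pointed-to type to what afs_max_size_handler() reads. Consider one macro or helper that fills in .max_size, .private_data and .max_size_handler together for a given fd and band, so that a later change to struct afs_max_size_handler_data cannot leave a call site behind again.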