From: Andre Noll <maan@systemlinux.org>
Date: Wed, 13 Jan 2010 23:11:46 +0000 (+0100)
Subject: [btr] Fix merge_input_pool().
X-Git-Tag: v0.4.2~103
X-Git-Url: https://git.tuebingen.mpg.de/?a=commitdiff_plain;h=8fa697a6fc4430625cfd66fdce6e36bd8aec739b;p=paraslash.git

[btr] Fix merge_input_pool().

This function contained the following bug: wbr, buf1 and sz1 could
be used without being initialized. This was sometimes hitting the
assertion (buf1 && buf2).

Fix this by initializing these variables at the top.
---

diff --git a/buffer_tree.c b/buffer_tree.c
index dfecf10a..40079c2f 100644
--- a/buffer_tree.c
+++ b/buffer_tree.c
@@ -582,18 +582,20 @@ static bool need_buffer_pool_merge(struct btr_node *btrn)
 
 static void merge_input_pool(struct btr_node *btrn, size_t dest_size)
 {
-	struct btr_buffer_reference *br, *wbr;
+	struct btr_buffer_reference *br, *wbr = NULL;
 	int num_refs; /* including wrap buffer */
-	char *buf, *buf1, *buf2 = NULL;
-	size_t sz, sz1, sz2 = 0, wsz;
+	char *buf, *buf1 = NULL, *buf2 = NULL;
+	size_t sz, sz1 = 0, sz2 = 0, wsz;
 
-	if (list_empty(&btrn->input_queue))
+	br = get_first_input_br(btrn);
+	if (!br || br_available_bytes(br) >= dest_size)
 		return;
-
 	num_refs = 0;
 	FOR_EACH_BUFFER_REF(br, btrn) {
 		num_refs++;
 		sz = btr_get_buffer_by_reference(br, &buf);
+		if (sz == 0)
+			break;
 		if (br->wrap_count != 0) {
 			assert(!wbr);
 			assert(num_refs == 1);
@@ -622,15 +624,15 @@ next:
 		if (sz1 + sz2 >= dest_size)
 			break;
 	}
+	if (!buf2) /* nothing to do */
+		return;
+	assert(buf1 && sz2 > 0);
 	/*
 	 * If the second buffer is large, we only take the first part of it to
 	 * avoid having to memcpy() huge buffers.
 	 */
 	sz2 = PARA_MIN(sz2, (size_t)(64 * 1024));
 	if (!wbr) {
-		assert(buf1);
-		if (!buf2) /* nothing to do */
-			return;
 		/* Make a new wrap buffer combining buf1 and buf2. */
 		sz = sz1 + sz2;
 		buf = para_malloc(sz);
@@ -647,6 +649,7 @@ next:
 		para_list_add(&br->node, &btrn->input_queue);
 		return;
 	}
+	PARA_DEBUG_LOG("increasing wrap buffer, sz1: %zu, sz2: %zu\n", sz1, sz2);
 	/*
 	 * We already have a wrap buffer, but it is too small. It might be
 	 * partially used.
@@ -654,10 +657,8 @@ next:
 	wsz = br_available_bytes(wbr);
 	if (wbr->wrap_count == sz1 && wbr->btrb->size >= sz1 + sz2) /* nothing we can do about it */
 		return;
-	assert(buf1 && buf2);
 	sz = sz1 + sz2 - wbr->btrb->size; /* amount of new data */
 	wbr->btrb->size += sz;
-	PARA_DEBUG_LOG("increasing wrap buffer to %zu\n", wbr->btrb->size);
 	wbr->btrb->buf = para_realloc(wbr->btrb->buf, wbr->btrb->size);
 	/* copy the new data to the end of the reallocated buffer */
 	assert(sz2 >= sz);