[Bugs] [Bug 1138897] NetBSD port

Sat Dec 20 09:39:48 UTC 2014

https://bugzilla.redhat.com/show_bug.cgi?id=1138897


--- Comment #69 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/9215 committed in release-3.6 by Raghavendra
Bhat (raghavendra at redhat.com) 
------
commit 4973b6c54e0887f260e2b7507dcc1ac76a36a612
Author: Emmanuel Dreyfus <manu at netbsd.org>
Date:   Fri Nov 28 17:49:25 2014 +0100

    posix: Fix buffer overrun in _handle_list_xattr()

    In _handle_list_xattr() we test remaining_size > 0 to check that
    we do not overrun the buffer, but since that variable was unsigned
    (size_t), the condition would let us go beyond end of buffer if
    remaining_size became negative.

    This could happen if attribute list grew between the first
    sys_llistxattr() call that gets the size and the second sys_llistxattr()
    call that get the data. We fix the problem by making remaining_size
    signed (ssize_t). This also matches sys_llistxattr() return type.

    While there, we use the size returned by the second sys_llistxattr()
    call to parse the buffser, as it may also be smaller than the size
    obtained from first call, if attribute list shrank.

    This fixes a spurious crash in tests/basic/afr/resolve.t

    backport of: Ifc5884dd0f39a50bf88aa51fefca8e2fa22ea913

    BUG: 1138897
    Change-Id: I37d4816b9cb246e34c92994cb969dc2be80be20d
    Signed-off-by: Emmanuel Dreyfus <manu at netbsd.org>
    Reviewed-on: http://review.gluster.org/9215
    Tested-by: Gluster Build System <jenkins at build.gluster.com>
    Reviewed-by: Raghavendra Bhat <raghavendra at redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.