[Bugs] [Bug 1129939] NetBSD port
bugzilla at redhat.com
bugzilla at redhat.com
Fri Nov 28 16:33:49 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1129939
--- Comment #189 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/9204 committed in master by Vijay Bellur
(vbellur at redhat.com)
------
commit dcbab25710aa60a22708a0de8c41735bfca06d07
Author: Emmanuel Dreyfus <manu at netbsd.org>
Date: Thu Nov 27 09:13:36 2014 +0100
posix: Fix buffer overrun in _handle_list_xattr()
In _handle_list_xattr() we test remaining_size > 0 to check that
we do not overrun the buffer, but since that variable was unsigned
(size_t), the condition would let us go beyond end of buffer if
remaining_size became negative.
This could happen if attribute list grew between the first
sys_llistxattr() call that gets the size and the second sys_llistxattr()
call that get the data. We fix the problem by making remaining_size
signed (ssize_t). This also matches sys_llistxattr() return type.
While there, we use the size returned by the second sys_llistxattr()
call to parse the buffser, as it may also be smaller than the size
obtained from first call, if attribute list shrank.
This fixes a spurious crash in tests/basic/afr/resolve.t
BUG: 1129939
Change-Id: Ifc5884dd0f39a50bf88aa51fefca8e2fa22ea913
Signed-off-by: Emmanuel Dreyfus <manu at netbsd.org>
Reviewed-on: http://review.gluster.org/9204
Tested-by: Gluster Build System <jenkins at build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle at redhat.com>
Reviewed-by: Vijay Bellur <vbellur at redhat.com>
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Bugs
mailing list