From 65ce86255bbfd00beaced4ff156b4c707120c7e0 Mon Sep 17 00:00:00 2001
From: Raghavendra Talur <rtalur@redhat.com>
Date: Mon, 4 Jul 2016 18:36:26 +0530
Subject: [PATCH 197/198] gfapi: update count when glfs_buf_copy is used
glfs_buf_copy collates all iovecs into a iovec with count=1. If
gio->count is not updated it will lead to dereferencing of invalid
address.
Backport of:
> Backport of http://review.gluster.org/#/c/14854
> Change-Id: I7c58071d5c6515ec6fee3ab36af206fa80cf37c3
> BUG: 1352482
> Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
> Signed-off-by: Poornima G <pgurusid@redhat.com>
> Reported-By: Lindsay Mathieson <lindsay.mathieson@gmail.com>
> Reported-By: Dmitry Melekhov <dm@belkam.com>
> Reported-By: Tom Emerson <TEmerson@cyberitas.com>
> Reviewed-on: http://review.gluster.org/14859
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Prashanth Pai <ppai@redhat.com>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
this fixes BZ 1369412 as well
Change-Id: Ib0e537a195198420966e1d8b0a7ae6107bc71ccd
BUG: 1369390
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/82405
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
---
api/src/glfs-fops.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index 7dfab5b..e396221 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -1151,12 +1151,13 @@ pub_glfs_pwritev_async (struct glfs_fd *glfd, const struct iovec *iovec,
gio->op = GF_FOP_WRITE;
gio->glfd = glfd;
- gio->count = count;
gio->offset = offset;
gio->flags = flags;
gio->fn = fn;
gio->data = data;
- gio->iov = GF_CALLOC (1, sizeof (*(gio->iov)), gf_common_mt_iovec);
+ gio->count = 1;
+ gio->iov = GF_CALLOC (gio->count, sizeof (*(gio->iov)),
+ gf_common_mt_iovec);
if (!gio->iov) {
errno = ENOMEM;
goto out;
--
1.7.1