Project

General

Profile

Actions
Copy link

Bug #4665

closed

librbd: read_iterate() can overflow its return value

Added by Josh Durgin about 11 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Sage Weil
Target version:
v0.61 - Cuttlefish
% Done:

0%

Source:
Development
Tags:
Backport:
bobtail
Regression:
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

If the length requested is longer than int64_t, it will wrap around. This happened to someone on irc when doing an rbd export:

(2013-04-05 13:15:33) mrjack_: what could that be:
(2013-04-05 13:15:34) mrjack_: rbd export kvm00000000943 - | gzip >kvm00000000943.gz
(2013-04-05 13:15:34) mrjack_: rbd: export error: (-2147483648) Unknown error 18446744071562067968

A new version of read_iterate should be created that just returns 0 or an error code as an int, and takes a uint64_t for the length parameter.

Actions
Copy link
 #1

Updated by Ian Colle almost 11 years ago

  • Priority changed from High to Urgent
Actions
Copy link
 #2

Updated by Ian Colle almost 11 years ago

Per Josh, this is another easy fix, let's get it into Cuttlefish.

Actions
Copy link
 #3

Updated by Sage Weil almost 11 years ago

  • Status changed from 12 to In Progress
  • Assignee changed from Josh Durgin to Sage Weil
Actions
Copy link
 #4

Updated by Josh Durgin almost 11 years ago

  • Status changed from In Progress to Resolved

commit:857c88e017f082b6ef2a81a1890baa7d20672a31

Actions
Copy link

Also available in: Atom PDF