Bug #4123

buffer::list::zero overflows and returns before completion

Added by Loïc Dachary about 11 years ago. Updated about 11 years ago.

Status: Resolved
Priority: Normal
Category: common
Target version: -
% Done: 0%
Source: Q/A
Regression: No
Severity: 3 - minor

Description

Overflow

When buffer::list::zero is called on a buffer::list with a single "ABC" in one buffer::ptr with buffer::list::zero(0, 1), it zeroes all buffer::ptr. The expected result is that the "ABC" buffer::ptr is modified to "\0BC".

Returns before completion

When buffer::list::zero is called on a buffer::list with "ABC" and "DEF" in two different buffer::ptr with buffer::list::zero(4, 1), it will do nothing. The expected result is that the "DEF" buffer::ptr is modified to "D\0F".


Related issues

Related to Ceph - Tasks #4066: unit tests for src/include/buffer.h Resolved 02/09/2013 02/16/2013

Associated revisions

Revision 02a353e5 (diff)
Added by Loïc Dachary about 11 years ago

fix buffer::list::zero(unsigned o, unsigned l) to act on all buffer::ptr

When buffer::list::zero was called on a buffer::list with "ABC" and
"DEF" in two different buffer::ptr with buffer::list::zero(4, 1) it
did nothing. The expected result is that the "DEF" buffer::ptr is
modified to "D\0F"

The test to check if the pointer is past the end of range to be zeroed
was reversed. It was o+l >= p which would always be true if the range
spans over the first buffer::ptr. It must be "o+l <= p" meaning the
pointer is past the end of the range and there is no need to loop over
the remaining buffer::ptr in the buffer::list

The p+it->length() >= o+l part of the if (p >= o && p+it->length() >=
o+l) test was also reversed. When called on "ABC" with zero(0, 1) it
would match because the range to be zeroed is contained in the
buffer::ptr. The call to it->zero() would zero the entire buffer::ptr
instead of just the first character.

Unit tests are added to demonstrate the two problems with the previous
code and show that the patch fixes them.

http://tracker.ceph.com/issues/4123 refs #4123

Signed-off-by: Loic Dachary <>
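
The two reversed comparisons described in the commit message above, modelled as an added example (not Ceph's code and not part of the patch). Segments, zero_clamped, zero_range and zero_range_reversed are hypothetical names, and each std::string stands in for one buffer::ptr.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Constructed model: each std::string stands in for one buffer::ptr.
using Segments = std::vector<std::string>;

// Zero the part of logical range [lo, hi) that falls in s, which starts at offset p.
static void zero_clamped(std::string& s, std::size_t p, std::size_t lo, std::size_t hi) {
    lo = std::max(lo, p);
    hi = std::min(hi, p + s.size());
    if (lo < hi) std::fill(s.begin() + (lo - p), s.begin() + (hi - p), '\0');
}

// Corrected walk: stop once a segment starts at or past the end of the range.
Segments zero_range(Segments segs, std::size_t o, std::size_t l) {
    std::size_t p = 0;  // logical offset of the current segment
    for (std::string& s : segs) {
        if (o + l <= p) break;
        zero_clamped(s, p, o, o + l);
        p += s.size();
    }
    return segs;
}

// Same walk with the two reversed tests quoted in the commit message.
Segments zero_range_reversed(Segments segs, std::size_t o, std::size_t l) {
    std::size_t p = 0;
    for (std::string& s : segs) {
        if (p + s.size() > o) {
            if (p >= o && p + s.size() >= o + l)      // reversed: range ends inside s
                std::fill(s.begin(), s.end(), '\0');  // yet all of s is zeroed
            else
                zero_clamped(s, p, o, o + l);
        }
        p += s.size();
        if (o + l >= p) break;  // reversed: stops while the range is still ahead
    }
    return segs;
}

int main() {
    const Segments one = {"ABC"}, two = {"ABC", "DEF"};
    bool ok = zero_range(one, 0, 1)[0] == std::string("\0BC", 3)
           && zero_range(two, 4, 1)[1] == std::string("D\0F", 3)
           && zero_range_reversed(one, 0, 1)[0] == std::string(3, '\0')
           && zero_range_reversed(two, 4, 1) == two;
    return ok ? 0 : 1;
}
```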

History

#1 Updated by Loïc Dachary about 11 years ago

  • Description updated (diff)

#2 Updated by Loïc Dachary about 11 years ago

  • Description updated (diff)

#3 Updated by Loïc Dachary about 11 years ago

  • Description updated (diff)

#4 Updated by Loïc Dachary about 11 years ago

The test to check if the pointer is past the end of range to be zeroed is reversed. It is o+l >= p which will always be true if the range spans over the first buffer::ptr. It must be "o+l <= p" meaning the pointer is past the end of the range and there is no need to loop over the remaining buffer::ptr in the buffer::list.

#5 Updated by Loïc Dachary about 11 years ago

  • Subject changed from buffer::list::zero returns before completion to buffer::list::zero overflows and returns before completion
  • Description updated (diff)

#6 Updated by Loïc Dachary about 11 years ago

Here is the proposed fix: https://github.com/ceph/ceph/pull/53

#7 Updated by Loïc Dachary about 11 years ago

  • Status changed from In Progress to Fix Under Review

#8 Updated by Sage Weil about 11 years ago

  • Status changed from Fix Under Review to Resolved
