Bug #4123
buffer::list::zero overflows and returns before completion
Description
Overflow
When buffer::list::zero is called on a buffer::list with a single "ABC" in one buffer::ptr with buffer::list::zero(0, 1), it zeroes all buffer::ptr. The expected result is that the "ABC" buffer::ptr is modified to "\0BC".
Returns before completion
When buffer::list::zero is called on a buffer::list with "ABC" and "DEF" in two different buffer::ptr with buffer::list::zero(4, 1), it will do nothing. The expected result is that the "DEF" buffer::ptr is modified to "D\0F".
Associated revisions
fix buffer::list::zero(unsigned o, unsigned l) to act on all buffer::ptr
When buffer::list::zero was called on a buffer::list with "ABC" and
"DEF" in two different buffer::ptr with buffer::list::zero(4, 1) it
did nothing. The expected result is that the "DEF" buffer::ptr is
modified to "D\0F"
The test to check if the pointer is past the end of range to be zeroed
was reversed. It was o+l >= p which would always be true if the range
spans over the first buffer::ptr. It must be "o+l <= p" meaning the
pointer is past the end of the range and there is no need to loop over
the remaining buffer::ptr in the buffer::list
The p+it->length() >= o+l part of the if (p >= o && p+it->length() >=
o+l) test was also reversed. When called on "ABC" with zero(0, 1) it
would match because the range to be zeroed is contained in the
buffer::ptr. The call to it->zero() would zero the entire buffer::ptr
instead of just the first character.
unit tests are added to demonstrate the two problems with the previous
code and show that the patch fixes them.
http://tracker.ceph.com/issues/4123 refs #4123
Signed-off-by: Loic Dachary <loic@dachary.org>
History
#1 Updated by Loïc Dachary about 11 years ago
- Description updated (diff)
#2 Updated by Loïc Dachary about 11 years ago
- Description updated (diff)
#3 Updated by Loïc Dachary about 11 years ago
- Description updated (diff)
#4 Updated by Loïc Dachary about 11 years ago
The test to check if the pointer is past the end of range to be zeroed is reversed. It is o+l >= p which will always be true if the range spans over the first buffer::ptr. It must be "o+l <= p" meaning the pointer is past the end of the range and there is no need to loop over the remaining buffer::ptr in the buffer::list
#5 Updated by Loïc Dachary about 11 years ago
- Subject changed from buffer::list::zero returns before completion to buffer::list::zero overflows and returns before completion
- Description updated (diff)
#6 Updated by Loïc Dachary about 11 years ago
Here is the proposed fix https://github.com/ceph/ceph/pull/53
#7 Updated by Loïc Dachary about 11 years ago
- Status changed from In Progress to Fix Under Review
#8 Updated by Sage Weil about 11 years ago
- Status changed from Fix Under Review to Resolved
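The two reversed comparisons described in this issue can be reproduced with a small model. This is an added example, not code from Ceph or from the fix: each std::string stands in for one buffer::ptr, and `zero_range`, `count_zeroed`, the `fixed` flag and the clamping in the partial-overlap branch are assumptions made for the illustration.

```cpp
// Added illustration: a simplified model of a segmented buffer, not Ceph source.
// Each std::string stands in for one buffer::ptr; `fixed` selects the corrected tests.
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

using Segments = std::vector<std::string>;

// Zero l bytes starting at logical offset o across the segments; returns the result.
Segments zero_range(Segments bufs, unsigned o, unsigned l, bool fixed) {
    unsigned p = 0;  // logical offset of the current segment's first byte
    for (std::string& seg : bufs) {
        const unsigned len = static_cast<unsigned>(seg.size());
        if (p + len > o) {  // segment ends after the start of the range
            // Whole-segment test: the segment must lie inside [o, o+l).
            const bool whole = fixed ? (p >= o && p + len <= o + l)
                                     : (p >= o && p + len >= o + l);  // reversed
            if (whole) {
                std::fill(seg.begin(), seg.end(), '\0');
            } else {
                // Partial overlap: clamp the range to this segment (model's own logic).
                const unsigned begin = std::max(o, p) - p;
                const unsigned end = std::min(o + l, p + len) - p;
                std::fill(seg.begin() + begin, seg.begin() + end, '\0');
            }
        }
        p += len;
        // Termination test: stop only once p is at or past the end of the range.
        const bool done = fixed ? (o + l <= p) : (o + l >= p);  // reversed
        if (done) break;
    }
    return bufs;
}

// Count zero bytes, so results with embedded NULs are easy to report.
unsigned count_zeroed(const Segments& bufs) {
    unsigned n = 0;
    for (const std::string& s : bufs)
        n += static_cast<unsigned>(std::count(s.begin(), s.end(), '\0'));
    return n;
}

int main() {
    std::printf("zero(0,1) on ABC:     buggy=%u fixed=%u bytes zeroed\n",
                count_zeroed(zero_range({"ABC"}, 0, 1, false)),
                count_zeroed(zero_range({"ABC"}, 0, 1, true)));
    std::printf("zero(4,1) on ABC|DEF: buggy=%u fixed=%u bytes zeroed\n",
                count_zeroed(zero_range({"ABC", "DEF"}, 4, 1, false)),
                count_zeroed(zero_range({"ABC", "DEF"}, 4, 1, true)));
    return 0;
}
```

With the reversed tests the first call clears three bytes where one was requested and the second clears none; with the corrected tests each call clears exactly the one requested byte.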