Project

General

Profile

Bug #4665

librbd: read_iterate() can overflow its return value

Added by Josh Durgin over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
bobtail
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

If the length requested is longer than int64_t, it will wrap around. This happened to someone on irc when doing an rbd export:

(2013-04-05 13:15:33) mrjack_: what could that be:
(2013-04-05 13:15:34) mrjack_: rbd export kvm00000000943 - | gzip >kvm00000000943.gz
(2013-04-05 13:15:34) mrjack_: rbd: export error: (-2147483648) Unknown error 18446744071562067968

A new version of read_iterate should be created that just returns 0 or an error code as an int, and takes a uint64_t for the length parameter.

Associated revisions

Revision 857c88e0 (diff)
Added by Sage Weil over 7 years ago

librbd: add read_iterate2 call with fixed argument type

The existing read_iterate takes a size_t for the length, which is only 4GB
on 32-bit machines. Instead, take a uint64_t length for the new
read_iterate2().

Return 0 instead of the number of bytes read; this makes the user-facing
API a bit simpler.

Fixes: #4665
Signed-off-by: Sage Weil <>

keep bytes return from internal method

History

#1 Updated by Ian Colle over 7 years ago

  • Priority changed from High to Urgent

#2 Updated by Ian Colle over 7 years ago

Per Josh, this is another easy fix, let's get it into Cuttlefish.

#3 Updated by Sage Weil over 7 years ago

  • Status changed from 12 to In Progress
  • Assignee changed from Josh Durgin to Sage Weil

#4 Updated by Josh Durgin over 7 years ago

  • Status changed from In Progress to Resolved

commit:857c88e017f082b6ef2a81a1890baa7d20672a31

Also available in: Atom PDF