From 92b8a2091414c0024fe9fd35aed6891308c9dc26 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Mon, 18 Feb 2013 05:46:45 +0000
Subject: ioutil: fix memory access error on from mog_iou_write

sizeof(buf) returns the size of the pointer if buf is a passed parameter, even if it the function prototype dictates a fixed size for buf as we do in mog_iou_write. While we're at it, make our mog_iou_write buf parameter const. This bug was introduced in: commit a960a351b2248a196c91cdbf6256f98e1bc2ef37 "split iostat util% tracking from mountlist" and never affected an official release of cmogstored. This bug was caught while testing on a 32-bit GNU/Linux machine. My normal 32-bit FreeBSD 9.0 environment did not catch this as iostat on that platform only reports integer percentages and does not need more than 4 bytes.
---
 cmogstored.h | 2 +-
 ioutil.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmogstored.h b/cmogstored.h
index d5f6137..73e1353 100644
--- a/cmogstored.h
+++ b/cmogstored.h
@@ -486,7 +486,7 @@ bool mog_valid_put_path(const char *buf, size_t len);
 void mog_iou_cleanup_begin(void);
 void mog_iou_cleanup_finish(void);
 void mog_iou_read(dev_t, char buf[MOG_IOUTIL_LEN]);
-void mog_iou_write(dev_t, char buf[MOG_IOUTIL_LEN]);
+void mog_iou_write(dev_t, const char buf[MOG_IOUTIL_LEN]);
 void mog_iou_active(dev_t);
 #include "activeq.h"
diff --git a/ioutil.c b/ioutil.c
index 88050a5..9323a32 100644
--- a/ioutil.c
+++ b/ioutil.c
@@ -121,17 +121,17 @@ void mog_iou_read(dev_t st_dev, char buf[MOG_IOUTIL_LEN])
 CHECK(int, 0, pthread_mutex_lock(&iou_lock));
 iou = iou_vivify(st_dev);
- memcpy(buf, iou->util, sizeof(buf));
+ memcpy(buf, iou->util, MOG_IOUTIL_LEN);
 CHECK(int, 0, pthread_mutex_unlock(&iou_lock));
 }
-void mog_iou_write(dev_t st_dev, char buf[MOG_IOUTIL_LEN])
+void mog_iou_write(dev_t st_dev, const char buf[MOG_IOUTIL_LEN])
 {
 struct ioutil *iou;
 CHECK(int, 0, pthread_mutex_lock(&iou_lock));
 iou = iou_vivify(st_dev);
- memcpy(iou->util, buf, sizeof(iou->util));
+ memcpy(iou->util, buf, MOG_IOUTIL_LEN);
 CHECK(int, 0, pthread_mutex_unlock(&iou_lock));
 }
-- cgit v1.2.3-24-ge0c7
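Review bot: Both memcpy() calls now take their length from MOG_IOUTIL_LEN instead of from an object, so the write into `iou->util` in mog_iou_write stays in bounds only if that member is declared with exactly MOG_IOUTIL_LEN bytes; the struct definition is outside this hunk, so that is presumably true but nothing checks it. The pointer-sized length was the `sizeof(buf)` in mog_iou_read (whose body starts before the hunk), where `buf` is a parameter; the removed `sizeof(iou->util)` would have been a real array size if `util` is an array member. I would either use `sizeof(iou->util)` as the length in both calls or add a compile-time check next to the struct, for example `_Static_assert(sizeof(((struct ioutil *)0)->util) == MOG_IOUTIL_LEN, "ioutil.util size");`. Because `char buf[MOG_IOUTIL_LEN]` in a parameter list is only a pointer, a caller passing a shorter buffer is not rejected, so a short comment on both functions stating that `buf` must point to at least MOG_IOUTIL_LEN bytes is worth adding, and building with `-Wsizeof-array-argument` would catch a repeat of the original mistake.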