common: assert if buffer advance length overflow

In the old ceph version, buffer advance length was defined as int, but
in async msg, the real length of data buffer was defined as unsigned.

Occassionly some MDS message back from OSD was too large, which caused
this length overflow and made MDS crash.

For compatibility reason, add an assertion here if buffer advance length
is overflow.

Fixes: http://tracker.ceph.com/issues/36340
Signed-off-by: Zhi Zhang <zhangz.david@outlook.com>

diff --git a/src/msg/async/Protocol.cc b/src/msg/async/Protocol.cc
index 9d3fa503fbbfeb7651cb13065656e979ab57b815..bcd384e5e72a5bece8a3457cd2a54adfc4c79b7f 100644 (file)
--- a/src/msg/async/Protocol.cc
+++ b/src/msg/async/Protocol.cc
@@ -827,6 +827,7 @@ void ProtocolV1::handle_message_data(char *buffer, int r) {
 
   bufferptr bp = data_blp.get_current_ptr();
   unsigned read_len = std::min(bp.length(), msg_left);
+  ceph_assert(read_len < std::numeric_limits<int>::max());
   data_blp.advance(read_len);
   data.append(bp, 0, read_len);
   msg_left -= read_len;