From: Aleksei Gutikov <aleksey.gutikov@synesis.ru>
Date: Thu, 6 Jul 2017 08:27:42 +0000 (+0300)
Subject: rgw: fix not initialized pointer which cause rgw crash with ec data pool
X-Git-Tag: v12.1.1~92^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=3e938dd9fe681fa8652dc4b0ec1dc56781d884c0;p=ceph-ci.git

rgw: fix not initialized pointer which cause rgw crash with ec data pool

In RGWPutObjProcessor_Atomic::complete_writing_data()
with pending_data_bl.length() > 0 and next_part_ofs==data_ofs
not initialized void *handle leads to invalid pointer librados::AioCompletion::pc
which leads to rgw crash.

Fixes: http://tracker.ceph.com/issues/20542
Signed-off-by: Aleksei Gutikov <aleksey.gutikov@synesis.ru>
---

diff --git a/src/rgw/rgw_rados.cc b/src/rgw/rgw_rados.cc
index 86138545210..8070f76442f 100644
--- a/src/rgw/rgw_rados.cc
+++ b/src/rgw/rgw_rados.cc
@@ -2557,8 +2557,10 @@ int RGWPutObjProcessor_Atomic::write_data(bufferlist& bl, off_t ofs, void **phan
 
   *pobj = cur_obj;
 
-  if (!bl.length())
+  if (!bl.length()) {
+    *phandle = nullptr;
     return 0;
+  }
 
   return RGWPutObjProcessor_Aio::handle_obj_data(cur_obj, bl, ofs - cur_part_ofs, ofs, phandle, exclusive);
 }
@@ -2683,7 +2685,7 @@ int RGWPutObjProcessor_Atomic::complete_writing_data()
     obj_len = (uint64_t)first_chunk.length();
   }
   while (pending_data_bl.length()) {
-    void *handle;
+    void *handle = nullptr;
     rgw_raw_obj obj;
     uint64_t max_write_size = MIN(max_chunk_size, (uint64_t)next_part_ofs - data_ofs);
     if (max_write_size > pending_data_bl.length()) {
@@ -3338,7 +3340,7 @@ int RGWRados::get_required_alignment(const rgw_pool& pool, uint64_t *alignment)
 
 int RGWRados::get_max_chunk_size(const rgw_pool& pool, uint64_t *max_chunk_size)
 {
-  uint64_t alignment;
+  uint64_t alignment = 0;
   int r = get_required_alignment(pool, &alignment);
   if (r < 0) {
     return r;