From: Edwin Rodriguez <edwin.rodriguez1@ibm.com>
Date: Thu, 7 Aug 2025 15:48:38 +0000 (-0400)
Subject: osdc: Update CB_ObjectOperation_decodevals and CB_ObjectOperation_decodekeys to persi... 
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=f5ea624c0c5eb88a2ac2cb1254e8b9014923c05a;p=ceph-ci.git

osdc: Update CB_ObjectOperation_decodevals and CB_ObjectOperation_decodekeys to persist temp val

The callback object would create a local variable then save the address of the
local variable in the object which will later be referenced. This leads
to access stack memory that is no longer in scope,
possibly not even in the same thread.

Fixes: https://tracker.ceph.com/issues/72403
Signed-off-by: Edwin Rodriguez <edwin.rodriguez1@ibm.com>
---

diff --git a/src/osdc/Objecter.h b/src/osdc/Objecter.h
index 51f1687fc49..8663681d652 100644
--- a/src/osdc/Objecter.h
+++ b/src/osdc/Objecter.h
@@ -673,6 +673,7 @@ struct ObjectOperation {
   struct CB_ObjectOperation_decodevals {
     uint64_t max_entries;
     Vals* pattrs;
+    Vals ignore;
     bool* ptruncated;
     int* prval;
     boost::system::error_code* pec;
@@ -691,7 +692,6 @@ struct ObjectOperation {
 	  if (pattrs)
 	    decode(*pattrs, p);
 	  if (ptruncated) {
-	    Vals ignore;
 	    if (!pattrs) {
 	      decode(ignore, p);
 	      pattrs = &ignore;
@@ -718,6 +718,7 @@ struct ObjectOperation {
   struct CB_ObjectOperation_decodekeys {
     uint64_t max_entries;
     Keys* pattrs;
+    Keys ignore;
     bool *ptruncated;
     int *prval;
     boost::system::error_code* pec;
@@ -736,7 +737,6 @@ struct ObjectOperation {
 	  if (pattrs)
 	    decode(*pattrs, p);
 	  if (ptruncated) {
-	    Keys ignore;
 	    if (!pattrs) {
 	      decode(ignore, p);
 	      pattrs = &ignore;