From: Sage Weil <sage@redhat.com>
Date: Mon, 6 Aug 2018 17:57:27 +0000 (-0500)
Subject: osd/OSDMapMapping: do not crash if acting > pool size
X-Git-Tag: v14.0.1~369^2~4
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=f793118656437d955554a6ccbffd2b612533ef85;p=ceph-ci.git

osd/OSDMapMapping: do not crash if acting > pool size

Existing oversized pg_temp mappings (or some other bug) might make acting
exceed the pool size.  Avoid overrunning out buffer if that happens.

Note that the mapping won't be completely accurate in that case!

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/osd/OSDMapMapping.h b/src/osd/OSDMapMapping.h
index 3f14cb8f0c7..e85e85dc6e0 100644
--- a/src/osd/OSDMapMapping.h
+++ b/src/osd/OSDMapMapping.h
@@ -230,8 +230,11 @@ private:
       int32_t *row = &table[row_size() * ps];
       row[0] = acting_primary;
       row[1] = up_primary;
-      row[2] = acting.size();
-      row[3] = up.size();
+      // these should always be <= the pool size, but just in case, avoid
+      // blowing out the array.  Note that our mapping is not completely
+      // accurate in this case--this is just to avoid crashing.
+      row[2] = std::min<int32_t>(acting.size(), size);
+      row[3] = std::min<int32_t>(up.size(), size);
       for (int i = 0; i < row[2]; ++i) {
 	row[4 + i] = acting[i];
       }