From 1c886b78cc5ba93270cddb58a3387d5f746b911b Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Tue, 30 Sep 2008 12:58:17 -0700
Subject: [PATCH] kclient: fix bad pointer arithmetic in messenger

This was causing intermittent slab corruption when TCP fragmented the stream in unusual ways.
---
 src/kernel/messenger.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/kernel/messenger.c b/src/kernel/messenger.c
index 423e3e9770f98..12ac161354370 100644
--- a/src/kernel/messenger.c
+++ b/src/kernel/messenger.c
@@ -1006,7 +1006,8 @@ static int read_message_partial(struct ceph_connection *con)
 /* header */
 while (con->in_base_pos < sizeof(m->hdr)) {
 left = sizeof(m->hdr) - con->in_base_pos;
- ret = ceph_tcp_recvmsg(con->sock, &m->hdr + con->in_base_pos,
+ ret = ceph_tcp_recvmsg(con->sock,
+ (char *)&m->hdr + con->in_base_pos,
 left);
 if (ret <= 0)
 return ret;
@@ -1086,7 +1087,7 @@ static int read_message_partial(struct ceph_connection *con)
 /* footer */
 while (con->in_base_pos < sizeof(m->hdr) + sizeof(m->footer)) {
 left = sizeof(m->hdr) + sizeof(m->footer) - con->in_base_pos;
- ret = ceph_tcp_recvmsg(con->sock, &m->footer +
+ ret = ceph_tcp_recvmsg(con->sock, (char *)&m->footer +
 (con->in_base_pos - sizeof(m->hdr)),
 left);
 if (ret <= 0)
-- 
2.39.5
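Review bot: The `(char *)` cast on `&m->hdr` is the only thing that makes `con->in_base_pos` a byte offset in the header loop, and nothing at the call site says so. Without it the destination advances by `in_base_pos * sizeof(m->hdr)` and data received from the peer lands outside the message, which matches the slab corruption the description mentions. A one-line comment above the call would keep the cast from being "simplified" away later, e.g. `/* in_base_pos counts bytes; cast so the offset is not scaled by sizeof(m->hdr) */`, and the same comment applies to the `&m->footer` call in the second hunk. The part of read_message_partial between the two hunks is not shown, so any other ceph_tcp_recvmsg destination built there from a struct pointer plus an offset is worth checking for the same scaling.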
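Review bot: The footer destination `(char *)&m->footer + (con->in_base_pos - sizeof(m->hdr))` stays in bounds only while `con->in_base_pos >= sizeof(m->hdr)`, and that invariant is set up by the header loop in the first hunk rather than checked here. If in_base_pos were ever smaller on entry to the footer loop, the subtraction would wrap or go negative and the receive would write outside the footer; this is inferred, since the type of in_base_pos and the code between the hunks are not visible. Consider asserting the invariant before the loop, `BUG_ON(con->in_base_pos < sizeof(m->hdr));`, or computing the footer offset into a named local so the bound is visible at the call. The function body continues past the end of the hunk.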