From 3e938dd9fe681fa8652dc4b0ec1dc56781d884c0 Mon Sep 17 00:00:00 2001
From: Aleksei Gutikov
Date: Thu, 6 Jul 2017 11:27:42 +0300
Subject: [PATCH] rgw: fix not initialized pointer which cause rgw crash with ec data pool

In RGWPutObjProcessor_Atomic::complete_writing_data() with pending_data_bl.length() > 0 and next_part_ofs==data_ofs not initialized void *handle leads to invalid pointer librados::AioCompletion::pc which leads to rgw crash.

Fixes: http://tracker.ceph.com/issues/20542
Signed-off-by: Aleksei Gutikov
---
 src/rgw/rgw_rados.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_rados.cc b/src/rgw/rgw_rados.cc
index 86138545210..8070f76442f 100644
--- a/src/rgw/rgw_rados.cc
+++ b/src/rgw/rgw_rados.cc
@@ -2557,8 +2557,10 @@ int RGWPutObjProcessor_Atomic::write_data(bufferlist& bl, off_t ofs, void **phan
 *pobj = cur_obj;
- if (!bl.length())
+ if (!bl.length()) {
+ *phandle = nullptr;
 return 0;
+ }
 return RGWPutObjProcessor_Aio::handle_obj_data(cur_obj, bl, ofs - cur_part_ofs, ofs, phandle, exclusive);
 }
@@ -2683,7 +2685,7 @@ int RGWPutObjProcessor_Atomic::complete_writing_data()
 obj_len = (uint64_t)first_chunk.length();
 }
 while (pending_data_bl.length()) {
- void *handle;
+ void *handle = nullptr;
 rgw_raw_obj obj;
 uint64_t max_write_size = MIN(max_chunk_size, (uint64_t)next_part_ofs - data_ofs);
 if (max_write_size > pending_data_bl.length()) {
@@ -3338,7 +3340,7 @@ int RGWRados::get_required_alignment(const rgw_pool& pool, uint64_t *alignment)
 int RGWRados::get_max_chunk_size(const rgw_pool& pool, uint64_t *max_chunk_size)
 {
- uint64_t alignment;
+ uint64_t alignment = 0;
 int r = get_required_alignment(pool, &alignment);
 if (r < 0) {
 return r;
--
2.39.5
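Review bot: `*phandle` is cleared only on the empty-buffer return, so any other return earlier in `write_data` (the body starts above this hunk) could still leave the caller's handle unset. Setting `*phandle = nullptr;` once at the top of the function would define the out-parameter on every path, without relying on each caller to initialise its own local. A short comment on the declaration should also state that a null handle means no asynchronous write was issued.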
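Review bot: Initialising `handle` to `nullptr` replaces an indeterminate pointer with a null one, which is safe only if the code that consumes `handle` later in this loop (outside the hunk) skips a null handle instead of dereferencing it. That path should be confirmed, ideally with a regression test that drives `complete_writing_data()` with `next_part_ofs == data_ofs`, the case described in the commit message. A comment such as `// stays nullptr when write_data() issues no aio (zero-length chunk)` would record why the initialiser matters.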
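Review bot: The `alignment = 0` initialiser is not mentioned in the commit message, and later code will treat that 0 as a real value if `get_required_alignment()` ever returns success without writing to it. The rest of `get_max_chunk_size` is outside the hunk, so it should be checked that 0 is handled as "no alignment requirement" and never reaches a division or modulo. A comment like `// 0 = pool imposes no alignment` would make that meaning explicit, if that is indeed the intent.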