From 552090d71a3b2fe61b8c828c05afdc8e0fc43878 Mon Sep 17 00:00:00 2001
From: Zhi Zhang
Date: Tue, 16 Oct 2018 14:26:14 +0800
Subject: [PATCH] common: assert if buffer advance length overflow

In the old ceph version, buffer advance length was defined as int, but in async msg, the real length of data buffer was defined as unsigned. Occassionly some MDS message back from OSD was too large, which caused this length overflow and made MDS crash. For compatibility reason, add an assertion here if buffer advance length is overflow.

Fixes: http://tracker.ceph.com/issues/36340
Signed-off-by: Zhi Zhang
---
 src/msg/async/Protocol.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/msg/async/Protocol.cc b/src/msg/async/Protocol.cc
index 9d3fa503fbb..bcd384e5e72 100644
--- a/src/msg/async/Protocol.cc
+++ b/src/msg/async/Protocol.cc
@@ -827,6 +827,7 @@ void ProtocolV1::handle_message_data(char *buffer, int r) {
 bufferptr bp = data_blp.get_current_ptr();
 unsigned read_len = std::min(bp.length(), msg_left);
+ ceph_assert(read_len < std::numeric_limits::max());
 data_blp.advance(read_len);
 data.append(bp, 0, read_len);
 msg_left -= read_len;
--
2.39.5
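Review bot: The added `ceph_assert` sits on the network receive path, so a data segment at or above the int limit now aborts the whole daemon rather than failing only the offending connection; the commit message itself describes this case as an oversized OSD reply crashing the MDS. Since `handle_message_data` returns void, the check could drop the connection instead, e.g. `if (read_len > static_cast<unsigned>(std::numeric_limits<int>::max())) { fault(); return; }` (assuming the class's usual fault path is appropriate here), with the size ideally bounded where the header's data length is first parsed. The page renders the bound as `std::numeric_limits::max()`; the template argument (presumably `<int>`) appears to have been lost in extraction, and the hunk does not show whether `<limits>` is included. A one-line comment such as `// advance() took an int in older releases; reject lengths that would wrap` would record why the bound exists. The function body begins and ends outside the hunk.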