From 5e0722fab5e548564a965b4af25d38f3eb106b49 Mon Sep 17 00:00:00 2001 From: Loic Dachary Date: Sun, 8 Dec 2013 14:38:59 +0100 Subject: [PATCH] crush: fix map->choose_tries boundary test CrushWrapper::start_choose_profile allocates map->choose_tries with choose_total_tries elements. When crush_choose_firstn sets a value, it tests against map->choose_local_tries which could lead to memory corruption if map->choose_total_tries is smaller than map->choose_local_tries. Another indesirable but non fatal side effect is that the output crushtool --show-choose-tries will be truncated to choose_local_tries which is set to a lower value than choose_total_tries by the default tuneables. Signed-off-by: Loic Dachary --- src/crush/mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/crush/mapper.c b/src/crush/mapper.c index 3ae3724a98df5..0c21ddddbd75d 100644 --- a/src/crush/mapper.c +++ b/src/crush/mapper.c @@ -443,7 +443,7 @@ reject: out[outpos] = item; outpos++; - if (map->choose_tries && ftotal <= map->choose_local_tries) + if (map->choose_tries && ftotal <= map->choose_total_tries) map->choose_tries[ftotal]++; } -- 2.39.5