From d71ccde4a3334a5497e4b230775da1e2f06f35bb Mon Sep 17 00:00:00 2001
From: Kefu Chai
Date: Wed, 17 Aug 2016 19:39:12 +0800
Subject: [PATCH] osd: bail out if transaction size overflows with a large MOSDMap message, the transaction size could be greater than UINT_MAX. so fail early with error messages.
Fixes: http://tracker.ceph.com/issues/16982
Signed-off-by: Kefu Chai
---
 src/osd/OSD.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 6b0782621ffe7..d017977e12b85 100644
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -6704,10 +6704,16 @@ void OSD::handle_osd_map(MOSDMap *m)
 }
 ObjectStore::Transaction t;
+ uint64_t txn_size = 0;
 // store new maps: queue for disk and put in the osdmap cache
 epoch_t start = MAX(superblock.newest_map + 1, first);
 for (epoch_t e = start; e <= last; e++) {
+ if (txn_size >= t.get_num_bytes()) {
+ derr << __func__ << " transaction size overflowed" << dendl;
+ assert(txn_size < t.get_num_bytes());
+ }
+ txn_size = t.get_num_bytes();
 map::iterator p;
 p = m->maps.find(e);
 if (p != m->maps.end()) {
--
2.39.5
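Review bot: The overflow check sits at the top of the `for (epoch_t e = start; e <= last; e++)` body, so it only validates what earlier iterations wrote; a wrap caused by the last epoch's writes is never seen unless the part of the loop outside this hunk, or the code after it, checks again. Repeating `assert(txn_size < t.get_num_bytes());` once after the loop, or moving the check to the end of the body, would close that gap. The first pass also relies on an empty `ObjectStore::Transaction` reporting a non-zero `get_num_bytes()`, since `txn_size` starts at 0 and the test is `>=`; if that is guaranteed, a short comment saying so would help. Because the size is driven by a peer-supplied MOSDMap, it may be worth capping the epochs or bytes handled per transaction and rejecting the message, so an oversized map does not abort the OSD.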